An asterisk * in the title indicates the field is mandatory.
If a field has a default value, it is shown in the Description column.
If the field type is an array, the Field Name has a .[n] suffix, where n is the array index placeholder.
Object and array field names are listed to provide context. If a field belongs to an object or an array, the full field name is shown in dot separated notation.

Title			Description	Details
Policy Name *			Name of the alerting policy. This must be unique per hierarchy.	Field Name: name Type: String MaxLength: 255
Description			Provide a brief description of this policy.	Field Name: description Type: String MaxLength: 2048
Enabled			Is this policy enabled?	Field Name: enabled Type: Boolean
	Filters		Global filters to apply before processing policy rules.	Field Name: policy_filters.[n] Type: Array
		Name		Field Name: policy_filters.[n].description Type: String
		Location *		Field Name: policy_filters.[n].location Type: String Choices: ["Header", "Raw log"]
		Pattern Type *		Field Name: policy_filters.[n].pattern_type Type: String Choices: ["Match", "Match/Extract"]
		Pattern	Header name or regular expression for raw logs.	Field Name: policy_filters.[n].pattern Type: String
		Function		Field Name: policy_filters.[n].function Type: String Choices: ["Greater Than", "Less Than", "Same"]
		Function Value		Field Name: policy_filters.[n].function_value Type: Integer
		Token	used for alert message output order	Field Name: policy_filters.[n].token Type: Integer
	Enrichment		Enrich the alert with table details or additional verbage.	Field Name: enrichment.[n] Type: Array
		Location *		Field Name: enrichment.[n].location Type: String Choices: ["table", "custom"]
		Item		Field Name: enrichment.[n].item Type: String
		Token	used for alert message output order	Field Name: enrichment.[n].token Type: Integer

Model: data/AlertingPolicy

Model Details: data/AlertingPolicy