Options on rules.

Hierarchy

  • SecurityMonitoringRuleOptions

Constructors

Properties

additionalProperties?: {
    [key: string]: any;
}

A container for additional, undeclared properties. This is a holder for any undeclared properties as specified with the 'additionalProperties' keyword in the OAS document.

Type declaration

  • [key: string]: any

Options for cloud_configuration rules. Fields resourceType and regoRule are mandatory when managing custom cloud_configuration rules.

decreaseCriticalityBasedOnEnv?: boolean

If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce signal noise. The severity is decreased by one level: CRITICAL in production becomes HIGH in non-production, HIGH becomes MEDIUM, and so on. INFO remains INFO. The decrement is applied when the environment tag of the signal starts with staging, test or dev.
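The decrement described above, as an added worked example written for this page (it is not the client library's or Datadog's own implementation). The five-level severity ladder, the `env:<value>` tag format and the lower-casing of the tag value are assumptions; the page only states the CRITICAL, HIGH, MEDIUM and INFO steps and the staging/test/dev prefixes.

```typescript
// Added illustration of the decreaseCriticalityBasedOnEnv behaviour.
// Example code for this page, not the client's own implementation.
// Assumptions: a five-level ladder and an "env:<value>" tag on each signal.

type Severity = "INFO" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL";

// Ordered lowest to highest; "one level lower" is one step to the left.
const SEVERITY_LADDER: Severity[] = ["INFO", "LOW", "MEDIUM", "HIGH", "CRITICAL"];

// Prefixes that mark a non-production environment, per the option's description.
const NON_PROD_PREFIXES = ["staging", "test", "dev"];

// True when the env tag value starts with one of the non-production prefixes.
// Lower-casing the value is an assumption, not something the page states.
function isNonProductionEnv(envValue: string): boolean {
  const value = envValue.toLowerCase();
  return NON_PROD_PREFIXES.some((p) => value.startsWith(p));
}

// One level lower on the ladder; INFO stays INFO.
function decreaseOneLevel(severity: Severity): Severity {
  const idx = SEVERITY_LADDER.indexOf(severity);
  return idx <= 0 ? "INFO" : SEVERITY_LADDER[idx - 1];
}

// Minimal signal shape: the severity of the matched rule case plus its tags.
interface Signal {
  severity: Severity;
  tags: string[]; // e.g. ["env:staging-eu", "service:api"] (constructed sample)
}

// Effective severity of a signal once the rule option is taken into account.
function effectiveSeverity(signal: Signal, decreaseCriticalityBasedOnEnv: boolean): Severity {
  if (!decreaseCriticalityBasedOnEnv) return signal.severity;
  // Assumption: the environment is carried as an "env:<value>" tag.
  const envTag = signal.tags.find((t) => t.startsWith("env:"));
  if (envTag === undefined) return signal.severity; // no environment known: leave unchanged
  const envValue = envTag.slice("env:".length);
  return isNonProductionEnv(envValue) ? decreaseOneLevel(signal.severity) : signal.severity;
}

// Constructed sample signals for a quick self-check when the file is run directly.
const sampleSignals: Signal[] = [
  { severity: "CRITICAL", tags: ["env:prod", "service:api"] },
  { severity: "CRITICAL", tags: ["env:staging-eu", "service:api"] },
  { severity: "INFO", tags: ["env:dev", "service:api"] },
];
for (const s of sampleSignals) {
  console.log(s.tags[0], s.severity, "->", effectiveSeverity(s, true));
}
```

Note that a signal with no environment tag is left at its case severity: the option only ever lowers severity when a non-production prefix is positively matched, so a missing tag is treated as production.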

The detection method.

A time window within which at least one of the cases must match. This is a sliding window and is evaluated in real time. For third party rules, this field is not used.

Hardcoded evaluator type.

Options on impossible travel rules.

Once a signal is generated, the signal will remain “open” if a case is matched at least once within this keep alive window. For third party rules, this field is not used.

A signal will “close” regardless of the query being matched once the time exceeds the maximum duration. This time is calculated from the first seen timestamp.
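The keep-alive and maximum-duration semantics of the two fields above, as an added worked example written for this page (not the client library's or Datadog's own signal engine). The time unit (seconds), the state shape and the rule that a match arriving after the signal has closed starts a fresh signal are assumptions; the page only states when a signal stays open and when it must close.

```typescript
// Added illustration of the keep-alive window and maximum signal duration.
// Example code for this page, not the client's own implementation.
// Assumptions: times are epoch seconds; a match after closure opens a new signal.

interface SignalState {
  firstSeen: number; // time of the first case match for this signal
  lastMatch: number; // time of the most recent case match
}

interface SignalTiming {
  keepAlive: number;         // seconds the signal stays open after its last match
  maxSignalDuration: number; // hard cap in seconds, counted from firstSeen
}

// True when the signal is still open at time `now`.
function isSignalOpen(state: SignalState, timing: SignalTiming, now: number): boolean {
  // The maximum duration closes the signal regardless of recent matches.
  if (now - state.firstSeen > timing.maxSignalDuration) return false;
  // Otherwise a match within the keep-alive window keeps it open.
  return now - state.lastMatch <= timing.keepAlive;
}

// Feeds a case match into the signal: extend it if still open, else start a new one.
function recordMatch(state: SignalState | null, timing: SignalTiming, at: number): SignalState {
  if (state === null || !isSignalOpen(state, timing, at)) {
    return { firstSeen: at, lastMatch: at }; // previous signal closed: new signal
  }
  return { ...state, lastMatch: at };
}

// Replays a sorted list of match times and returns the start time of each distinct signal.
function replayMatches(matchTimes: number[], timing: SignalTiming): number[] {
  const signalStarts: number[] = [];
  let state: SignalState | null = null;
  for (const t of matchTimes) {
    const next = recordMatch(state, timing, t);
    if (state === null || next.firstSeen !== state.firstSeen) signalStarts.push(next.firstSeen);
    state = next;
  }
  return signalStarts;
}

// Constructed sample: matches every 1000 s with a 1500 s keep-alive and a 3600 s cap.
const sampleTiming: SignalTiming = { keepAlive: 1500, maxSignalDuration: 3600 };
console.log(replayMatches([0, 1000, 2000, 3000, 4000, 5000], sampleTiming));
```

In the sample run the matches never fall outside the keep-alive window, so only the maximum duration splits the stream: the signal started at 0 closes after 3600 s and the match at 4000 opens a second one. Shortening `keepAlive` instead splits the stream wherever the gap between consecutive matches exceeds it.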

Options on new value rules.

Options on third party rules.

Generated using TypeDoc