Optional additionalA container for additional, undeclared properties. This is a holder for any undeclared properties as specified with the 'additionalProperties' keyword in the OAS document.
Optional complianceOptions for cloud_configuration rules.
Fields resourceType and regoRule are mandatory when managing custom cloud_configuration rules.
Optional decreaseIf true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce signal noise.
The severity is decreased by one level: CRITICAL in production becomes HIGH in non-production, HIGH becomes MEDIUM and so on. INFO remains INFO.
The decrement is applied when the environment tag of the signal starts with staging, test or dev.
Optional detectionThe detection method.
Optional evaluationA time window is specified to match when at least one of the cases matches true. This is a sliding window and evaluates in real time. For third party rules, this field is not used.
Optional hardcodedHardcoded evaluator type.
Optional impossibleOptions on impossible travel rules.
Optional keepOnce a signal is generated, the signal will remain “open” if a case is matched at least once within this keep alive window. For third party rules, this field is not used.
Optional maxA signal will “close” regardless of the query being matched once the time exceeds the maximum duration. This time is calculated from the first seen timestamp.
Optional newOptions on new value rules.
Optional thirdOptions on third party rules.
Generated using TypeDoc
Options on rules.