Optional additionalA container for additional, undeclared properties. This is a holder for any undeclared properties as specified with the 'additionalProperties' keyword in the OAS document.
Optional casesCases for generating signals.
Optional complianceHow to generate compliance signals. Useful for cloud_configuration rules only.
Optional customCustom/Overridden Message for generated signals (used in case of Default rule update).
Optional customCustom/Overridden name (used in case of Default rule update).
Optional filtersAdditional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.
Optional groupAdditional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups.
Optional hasWhether the notifications include the triggering group-by values in their title.
Optional isWhether the rule is enabled.
Optional messageMessage for generated signals.
Optional nameName of the rule.
Optional optionsOptions.
Optional queriesQueries for selecting logs which are part of the rule.
Optional referenceReference tables for the rule.
Optional tagsTags for generated signals.
Optional thirdCases for generating signals from third-party rules. Only available for third-party rules.
Optional versionThe version of the rule being updated.
Generated using TypeDoc
Update an existing rule.