Class SecurityMonitoringStandardRuleQuery

Query for matching rule.

Hierarchy

  • SecurityMonitoringStandardRuleQuery

Constructors

constructor

Properties

additionalProperties? aggregation? distinctFields? groupByFields? hasOptionalGroupByFields? metric? metrics? name? query?

Constructors

constructor

Properties

Optional additionalProperties

additionalProperties?: {
    [key: string]: any;
}

A container for additional, undeclared properties. This is a holder for any undeclared properties as specified with the 'additionalProperties' keyword in the OAS document.

Type declaration

  • [key: string]: any

Optional aggregation

aggregation?: SecurityMonitoringRuleQueryAggregation

The aggregation type.

Optional distinctFields

distinctFields?: string[]

Field for which the cardinality is measured. Sent as an array.

Optional groupByFields

groupByFields?: string[]

Fields to group by.

Optional hasOptionalGroupByFields

hasOptionalGroupByFields?: boolean

When false, events without a group-by value are ignored by the rule. When true, events with missing group-by fields are processed with N/A, replacing the missing values.

Optional metric

metric?: string

(Deprecated) The target field to aggregate over when using the sum or max aggregations. metrics field should be used instead.

Optional metrics

metrics?: string[]

Group of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values.

Optional name

name?: string

Name of the query.

Optional query

query?: string

Query to run on logs.

Settings

Member Visibility

Theme

Generated using TypeDoc