Class SecurityMonitoringStandardRuleQuery

Query for matching rule.

Hierarchy

  • SecurityMonitoringStandardRuleQuery

Constructors

Properties

additionalProperties?: {
    [key: string]: any;
}

A container for additional, undeclared properties. This is a holder for any undeclared properties as specified with the 'additionalProperties' keyword in the OAS document.

Type declaration

  • [key: string]: any

The aggregation type.

distinctFields?: string[]

Field for which the cardinality is measured. Sent as an array.

groupByFields?: string[]

Fields to group by.

hasOptionalGroupByFields?: boolean

When false, events without a group-by value are ignored by the rule. When true, events with missing group-by fields are processed with N/A, replacing the missing values.

metric?: string

(Deprecated) The target field to aggregate over when using the sum or max aggregations. The metrics field should be used instead.

metrics?: string[]

Group of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values.

name?: string

Name of the query.

query?: string

Query to run on logs.
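The following is an added example, not code from the Datadog client itself: a local interface mirroring the property list above, plus a validator that enforces the documented constraints on metric and metrics (one target field for sum, max and geo data; up to five for new value; metric deprecated in favour of metrics). The aggregation value names used here ("count", "sum", "max", "geo_data", "new_value") are assumptions for illustration, since this page does not list the aggregation enum.

```typescript
// Assumed aggregation names; the real enum is not listed on this page.
type Aggregation = "count" | "sum" | "max" | "geo_data" | "new_value";

// Local mirror of the documented property list (not the client's own class).
interface StandardRuleQuery {
  aggregation?: Aggregation;
  distinctFields?: string[];
  groupByFields?: string[];
  hasOptionalGroupByFields?: boolean;
  metric?: string; // deprecated: use metrics
  metrics?: string[];
  name?: string;
  query?: string;
}

// Returns the list of problems found; an empty list means the query is
// consistent with the constraints described in the reference.
function validateQuery(q: StandardRuleQuery): string[] {
  const problems: string[] = [];
  // Fall back to the deprecated single field so old rules still validate.
  const targets: string[] =
    q.metrics !== undefined ? q.metrics : q.metric !== undefined ? [q.metric] : [];
  if (q.metric !== undefined && q.metrics === undefined) {
    problems.push("metric is deprecated; move the value into metrics");
  }
  switch (q.aggregation) {
    case "sum":
    case "max":
    case "geo_data":
      if (targets.length !== 1) {
        problems.push(`${q.aggregation} needs exactly one target field in metrics`);
      }
      break;
    case "new_value":
      if (targets.length < 1 || targets.length > 5) {
        problems.push("new_value accepts between one and five target fields");
      }
      break;
  }
  return problems;
}

// Constructed sample: count failed SSH logins per client IP and host,
// keeping events without a host value by filling it with N/A.
const sampleQuery: StandardRuleQuery = {
  name: "failed_ssh_logins",
  query: "source:sshd @evt.outcome:failure",
  aggregation: "count",
  groupByFields: ["@network.client.ip", "host"],
  hasOptionalGroupByFields: true,
};
```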

Generated using TypeDoc