Class SecurityMonitoringStandardRuleResponse

Rule.

Hierarchy

  • SecurityMonitoringStandardRuleResponse

Constructors

constructor

Properties

additionalProperties? calculatedFields? cases? complianceSignalOptions? createdAt? creationAuthorId? customMessage? customName? defaultTags? deprecationDate? filters? groupSignalsBy? hasExtendedTitle? id? isDefault? isDeleted? isEnabled? message? name? options? queries? referenceTables? schedulingOptions? tags? thirdPartyCases? type? updateAuthorId? updatedAt? version?

Constructors

constructor

Properties

Optional additionalProperties

additionalProperties?: {
    [key: string]: any;
}

A container for additional, undeclared properties. This is a holder for any undeclared properties as specified with the 'additionalProperties' keyword in the OAS document.

Type declaration

  • [key: string]: any

Optional calculatedFields

calculatedFields?: CalculatedField[]

Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is also defined.

Optional cases

cases?: SecurityMonitoringRuleCase[]

Cases for generating signals.

Optional complianceSignalOptions

complianceSignalOptions?: CloudConfigurationRuleComplianceSignalOptions

How to generate compliance signals. Useful for cloud_configuration rules only.

Optional createdAt

createdAt?: number

When the rule was created, timestamp in milliseconds.

Optional creationAuthorId

creationAuthorId?: number

User ID of the user who created the rule.

Optional customMessage

customMessage?: string

Custom/Overridden message for generated signals (used in case of Default rule update).

Optional customName

customName?: string

Custom/Overridden name of the rule (used in case of Default rule update).

Optional defaultTags

defaultTags?: string[]

Default Tags for default rules (included in tags)

Optional deprecationDate

deprecationDate?: number

When the rule will be deprecated, timestamp in milliseconds.

Optional filters

filters?: SecurityMonitoringFilter[]

Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.

Optional groupSignalsBy

groupSignalsBy?: string[]

Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups.

Optional hasExtendedTitle

hasExtendedTitle?: boolean

Whether the notifications include the triggering group-by values in their title.

Optional id

id?: string

The ID of the rule.

Optional isDefault

isDefault?: boolean

Whether the rule is included by default.

Optional isDeleted

isDeleted?: boolean

Whether the rule has been deleted.

Optional isEnabled

isEnabled?: boolean

Whether the rule is enabled.

Optional message

message?: string

Message for generated signals.

Optional name

name?: string

The name of the rule.

Optional options

options?: SecurityMonitoringRuleOptions

Options.

Optional queries

queries?: SecurityMonitoringStandardRuleQuery[]

Queries for selecting logs which are part of the rule.

Optional referenceTables

referenceTables?: SecurityMonitoringReferenceTable[]

Reference tables for the rule.

Optional schedulingOptions

schedulingOptions?: SecurityMonitoringSchedulingOptions

Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs.

Optional tags

tags?: string[]

Tags for generated signals.

Optional thirdPartyCases

thirdPartyCases?: SecurityMonitoringThirdPartyRuleCase[]

Cases for generating signals from third-party rules. Only available for third-party rules.

Optional type

type?: SecurityMonitoringRuleTypeRead

The rule type.

Optional updateAuthorId

updateAuthorId?: number

User ID of the user who updated the rule.

Optional updatedAt

updatedAt?: number

The date the rule was last updated, in milliseconds.

Optional version

version?: number

The version of the rule.

Settings

Member Visibility

Theme

Generated using TypeDoc