Optional additionalA container for additional, undeclared properties. This is a holder for any undeclared properties as specified with the 'additionalProperties' keyword in the OAS document.
Optional calculatedCalculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is also defined.
Cases for generating signals.
Optional filtersAdditional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.
Optional groupAdditional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups.
Optional hasWhether the notifications include the triggering group-by values in their title.
Whether the rule is enabled.
Message for generated signals.
The name of the rule.
Options.
Queries for selecting logs which are part of the rule.
Optional referenceReference tables for the rule.
Optional schedulingOptions for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs.
Optional tagsTags for generated signals.
Optional thirdCases for generating signals from third-party rules. Only available for third-party rules.
Optional typeThe rule type.
Generated using TypeDoc
The payload of a rule to test