Interface RuleOrBuilder (0.1.0)

Output only. Additional metadata specified in the meta section of text. Populated in FULL view.

map<string, string> metadata = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The run frequencies that are allowed for the rule. Populated in BASIC view and FULL view.

repeated .google.cloud.chronicle.v1.RunFrequency allowed_run_frequencies = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The run frequencies that are allowed for the rule. Populated in BASIC view and FULL view.

repeated .google.cloud.chronicle.v1.RunFrequency allowed_run_frequencies = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The run frequencies that are allowed for the rule. Populated in BASIC view and FULL view.

repeated .google.cloud.chronicle.v1.RunFrequency allowed_run_frequencies = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The run frequencies that are allowed for the rule. Populated in BASIC view and FULL view.

repeated .google.cloud.chronicle.v1.RunFrequency allowed_run_frequencies = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The run frequencies that are allowed for the rule. Populated in BASIC view and FULL view.

repeated .google.cloud.chronicle.v1.RunFrequency allowed_run_frequencies = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The author of the rule. Extracted from the meta section of text. Populated in BASIC view and FULL view.

string author = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The author of the rule. Extracted from the meta section of text. Populated in BASIC view and FULL view.

string author = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. A list of a rule's corresponding compilation diagnostic messages such as compilation errors and compilation warnings. Populated in FULL view.

repeated .google.cloud.chronicle.v1.CompilationDiagnostic compilation_diagnostics = 17 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. A list of a rule's corresponding compilation diagnostic messages such as compilation errors and compilation warnings. Populated in FULL view.

repeated .google.cloud.chronicle.v1.CompilationDiagnostic compilation_diagnostics = 17 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. A list of a rule's corresponding compilation diagnostic messages such as compilation errors and compilation warnings. Populated in FULL view.

repeated .google.cloud.chronicle.v1.CompilationDiagnostic compilation_diagnostics = 17 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. A list of a rule's corresponding compilation diagnostic messages such as compilation errors and compilation warnings. Populated in FULL view.

repeated .google.cloud.chronicle.v1.CompilationDiagnostic compilation_diagnostics = 17 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. A list of a rule's corresponding compilation diagnostic messages such as compilation errors and compilation warnings. Populated in FULL view.

repeated .google.cloud.chronicle.v1.CompilationDiagnostic compilation_diagnostics = 17 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The current compilation state of the rule. Populated in FULL view.

.google.cloud.chronicle.v1.Rule.CompilationState compilation_state = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The current compilation state of the rule. Populated in FULL view.

.google.cloud.chronicle.v1.Rule.CompilationState compilation_state = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The timestamp of when the rule was created. Populated in FULL view.

.google.protobuf.Timestamp create_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The timestamp of when the rule was created. Populated in FULL view.

.google.protobuf.Timestamp create_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. Display name of the rule. Populated in BASIC view and FULL view.

string display_name = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. Display name of the rule. Populated in BASIC view and FULL view.

string display_name = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];

The etag for this rule. If this is provided on update, the request will succeed if and only if it matches the server-computed value, and will fail with an ABORTED error otherwise. Populated in BASIC view and FULL view.

string etag = 15;

The etag for this rule. If this is provided on update, the request will succeed if and only if it matches the server-computed value, and will fail with an ABORTED error otherwise. Populated in BASIC view and FULL view.

string etag = 15;

Output only. The set of inputs used in the rule. For example, if the rule uses $e.principal.hostname, then the uses_udm field will be true.

.google.cloud.chronicle.v1.InputsUsed inputs_used = 20 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The set of inputs used in the rule. For example, if the rule uses $e.principal.hostname, then the uses_udm field will be true.

.google.cloud.chronicle.v1.InputsUsed inputs_used = 20 [(.google.api.field_behavior) = OUTPUT_ONLY];

Use #getMetadataMap() instead.

Output only. Additional metadata specified in the meta section of text. Populated in FULL view.

map<string, string> metadata = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. Additional metadata specified in the meta section of text. Populated in FULL view.

map<string, string> metadata = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. Additional metadata specified in the meta section of text. Populated in FULL view.

map<string, string> metadata = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. Additional metadata specified in the meta section of text. Populated in FULL view.

map<string, string> metadata = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];

Identifier. Full resource name for the rule. Format: projects/{project}/locations/{location}/instances/{instance}/rules/{rule}

string name = 1 [(.google.api.field_behavior) = IDENTIFIER];

Identifier. Full resource name for the rule. Format: projects/{project}/locations/{location}/instances/{instance}/rules/{rule}

string name = 1 [(.google.api.field_behavior) = IDENTIFIER];

Output only. Indicate the rule can run in near real time live rule. If this is true, the rule uses the near real time live rule when the run frequency is set to LIVE.

bool near_real_time_live_rule_eligible = 18 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. Resource names of the reference lists used in this rule. Populated in FULL view.

repeated string reference_lists = 13 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }

Output only. Resource names of the reference lists used in this rule. Populated in FULL view.

repeated string reference_lists = 13 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }

Output only. Resource names of the reference lists used in this rule. Populated in FULL view.

repeated string reference_lists = 13 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }

Output only. Resource names of the reference lists used in this rule. Populated in FULL view.

repeated string reference_lists = 13 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }

Output only. The timestamp of when the rule revision was created. Populated in FULL, REVISION_METADATA_ONLY views.

.google.protobuf.Timestamp revision_create_time = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The timestamp of when the rule revision was created. Populated in FULL, REVISION_METADATA_ONLY views.

.google.protobuf.Timestamp revision_create_time = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The revision ID of the rule. A new revision is created whenever the rule text is changed in any way. Format: v_{10 digits}_{9 digits} Populated in REVISION_METADATA_ONLY view and FULL view.

string revision_id = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The revision ID of the rule. A new revision is created whenever the rule text is changed in any way. Format: v_{10 digits}_{9 digits} Populated in REVISION_METADATA_ONLY view and FULL view.

string revision_id = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];

Resource name of the DataAccessScope bound to this rule. Populated in BASIC view and FULL view. If reference lists are used in the rule, validations will be performed against this scope to ensure that the reference lists are compatible with both the user's and the rule's scopes. The scope should be in the format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope}.

string scope = 16 [(.google.api.resource_reference) = { ... }

Resource name of the DataAccessScope bound to this rule. Populated in BASIC view and FULL view. If reference lists are used in the rule, validations will be performed against this scope to ensure that the reference lists are compatible with both the user's and the rule's scopes. The scope should be in the format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope}.

string scope = 16 [(.google.api.resource_reference) = { ... }

Output only. The severity of the rule as specified in the meta section of text. Populated in BASIC view and FULL view.

.google.cloud.chronicle.v1.Severity severity = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The severity of the rule as specified in the meta section of text. Populated in BASIC view and FULL view.

.google.cloud.chronicle.v1.Severity severity = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];

The YARA-L content of the rule. Populated in FULL view.

string text = 4;

The YARA-L content of the rule. Populated in FULL view.

string text = 4;

Output only. User-facing type of the rule. Extracted from the events section of rule text. Populated in BASIC view and FULL view.

.google.cloud.chronicle.v1.RuleType type = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. User-facing type of the rule. Extracted from the events section of rule text. Populated in BASIC view and FULL view.

.google.cloud.chronicle.v1.RuleType type = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The timestamp of when the rule was created. Populated in FULL view.

.google.protobuf.Timestamp create_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The set of inputs used in the rule. For example, if the rule uses $e.principal.hostname, then the uses_udm field will be true.

.google.cloud.chronicle.v1.InputsUsed inputs_used = 20 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The timestamp of when the rule revision was created. Populated in FULL, REVISION_METADATA_ONLY views.

.google.protobuf.Timestamp revision_create_time = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The severity of the rule as specified in the meta section of text. Populated in BASIC view and FULL view.

.google.cloud.chronicle.v1.Severity severity = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];