Reference documentation and code samples for the Google Cloud Chronicle V1 Client class Rule.
The Rule resource represents a user-created rule.
NEXT TAG: 21
Generated from protobuf message google.cloud.chronicle.v1.Rule
Namespace
Google \ Cloud \ Chronicle \ V1Methods
__construct
Constructor.
| Parameters | |
|---|---|
| Name | Description |
data |
array
Optional. Data for populating the Message object. |
↳ name |
string
Identifier. Full resource name for the rule. Format: |
↳ revision_id |
string
Output only. The revision ID of the rule. A new revision is created whenever the rule text is changed in any way. Format: |
↳ display_name |
string
Output only. Display name of the rule. Populated in BASIC view and FULL view. |
↳ text |
string
The YARA-L content of the rule. Populated in FULL view. |
↳ author |
string
Output only. The author of the rule. Extracted from the meta section of text. Populated in BASIC view and FULL view. |
↳ severity |
Severity
Output only. The severity of the rule as specified in the meta section of text. Populated in BASIC view and FULL view. |
↳ metadata |
array|Google\Protobuf\Internal\MapField
Output only. Additional metadata specified in the meta section of text. Populated in FULL view. |
↳ create_time |
Google\Protobuf\Timestamp
Output only. The timestamp of when the rule was created. Populated in FULL view. |
↳ revision_create_time |
Google\Protobuf\Timestamp
Output only. The timestamp of when the rule revision was created. Populated in FULL, REVISION_METADATA_ONLY views. |
↳ compilation_state |
int
Output only. The current compilation state of the rule. Populated in FULL view. |
↳ type |
int
Output only. User-facing type of the rule. Extracted from the events section of rule text. Populated in BASIC view and FULL view. |
↳ reference_lists |
array
Output only. Resource names of the reference lists used in this rule. Populated in FULL view. |
↳ allowed_run_frequencies |
array
Output only. The run frequencies that are allowed for the rule. Populated in BASIC view and FULL view. |
↳ etag |
string
The etag for this rule. If this is provided on update, the request will succeed if and only if it matches the server-computed value, and will fail with an ABORTED error otherwise. Populated in BASIC view and FULL view. |
↳ scope |
string
Resource name of the DataAccessScope bound to this rule. Populated in BASIC view and FULL view. If reference lists are used in the rule, validations will be performed against this scope to ensure that the reference lists are compatible with both the user's and the rule's scopes. The scope should be in the format: |
↳ compilation_diagnostics |
array<CompilationDiagnostic>
Output only. A list of a rule's corresponding compilation diagnostic messages such as compilation errors and compilation warnings. Populated in FULL view. |
↳ near_real_time_live_rule_eligible |
bool
Output only. Indicate the rule can run in near real time live rule. If this is true, the rule uses the near real time live rule when the run frequency is set to LIVE. |
↳ inputs_used |
InputsUsed
Output only. The set of inputs used in the rule. For example, if the rule uses $e.principal.hostname, then the uses_udm field will be true. |
getName
Identifier. Full resource name for the rule.
Format:
projects/{project}/locations/{location}/instances/{instance}/rules/{rule}
| Returns | |
|---|---|
| Type | Description |
string |
|
setName
Identifier. Full resource name for the rule.
Format:
projects/{project}/locations/{location}/instances/{instance}/rules/{rule}
| Parameter | |
|---|---|
| Name | Description |
var |
string
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getRevisionId
Output only. The revision ID of the rule.
A new revision is created whenever the rule text is changed in any way.
Format: v_{10 digits}_{9 digits}
Populated in REVISION_METADATA_ONLY view and FULL view.
| Returns | |
|---|---|
| Type | Description |
string |
|
setRevisionId
Output only. The revision ID of the rule.
A new revision is created whenever the rule text is changed in any way.
Format: v_{10 digits}_{9 digits}
Populated in REVISION_METADATA_ONLY view and FULL view.
| Parameter | |
|---|---|
| Name | Description |
var |
string
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getDisplayName
Output only. Display name of the rule.
Populated in BASIC view and FULL view.
| Returns | |
|---|---|
| Type | Description |
string |
|
setDisplayName
Output only. Display name of the rule.
Populated in BASIC view and FULL view.
| Parameter | |
|---|---|
| Name | Description |
var |
string
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getText
The YARA-L content of the rule.
Populated in FULL view.
| Returns | |
|---|---|
| Type | Description |
string |
|
setText
The YARA-L content of the rule.
Populated in FULL view.
| Parameter | |
|---|---|
| Name | Description |
var |
string
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getAuthor
Output only. The author of the rule. Extracted from the meta section of text. Populated in BASIC view and FULL view.
| Returns | |
|---|---|
| Type | Description |
string |
|
setAuthor
Output only. The author of the rule. Extracted from the meta section of text. Populated in BASIC view and FULL view.
| Parameter | |
|---|---|
| Name | Description |
var |
string
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getSeverity
Output only. The severity of the rule as specified in the meta section of text. Populated in BASIC view and FULL view.
| Returns | |
|---|---|
| Type | Description |
Severity|null |
|
hasSeverity
clearSeverity
setSeverity
Output only. The severity of the rule as specified in the meta section of text. Populated in BASIC view and FULL view.
| Parameter | |
|---|---|
| Name | Description |
var |
Severity
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getMetadata
Output only. Additional metadata specified in the meta section of text.
Populated in FULL view.
| Returns | |
|---|---|
| Type | Description |
Google\Protobuf\Internal\MapField |
|
setMetadata
Output only. Additional metadata specified in the meta section of text.
Populated in FULL view.
| Parameter | |
|---|---|
| Name | Description |
var |
array|Google\Protobuf\Internal\MapField
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getCreateTime
Output only. The timestamp of when the rule was created.
Populated in FULL view.
| Returns | |
|---|---|
| Type | Description |
Google\Protobuf\Timestamp|null |
|
hasCreateTime
clearCreateTime
setCreateTime
Output only. The timestamp of when the rule was created.
Populated in FULL view.
| Parameter | |
|---|---|
| Name | Description |
var |
Google\Protobuf\Timestamp
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getRevisionCreateTime
Output only. The timestamp of when the rule revision was created.
Populated in FULL, REVISION_METADATA_ONLY views.
| Returns | |
|---|---|
| Type | Description |
Google\Protobuf\Timestamp|null |
|
hasRevisionCreateTime
clearRevisionCreateTime
setRevisionCreateTime
Output only. The timestamp of when the rule revision was created.
Populated in FULL, REVISION_METADATA_ONLY views.
| Parameter | |
|---|---|
| Name | Description |
var |
Google\Protobuf\Timestamp
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getCompilationState
Output only. The current compilation state of the rule.
Populated in FULL view.
| Returns | |
|---|---|
| Type | Description |
int |
|
setCompilationState
Output only. The current compilation state of the rule.
Populated in FULL view.
| Parameter | |
|---|---|
| Name | Description |
var |
int
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getType
Output only. User-facing type of the rule. Extracted from the events section of rule text. Populated in BASIC view and FULL view.
| Returns | |
|---|---|
| Type | Description |
int |
|
setType
Output only. User-facing type of the rule. Extracted from the events section of rule text. Populated in BASIC view and FULL view.
| Parameter | |
|---|---|
| Name | Description |
var |
int
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getReferenceLists
Output only. Resource names of the reference lists used in this rule.
Populated in FULL view.
| Returns | |
|---|---|
| Type | Description |
Google\Protobuf\Internal\RepeatedField |
|
setReferenceLists
Output only. Resource names of the reference lists used in this rule.
Populated in FULL view.
| Parameter | |
|---|---|
| Name | Description |
var |
string[]
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getAllowedRunFrequencies
Output only. The run frequencies that are allowed for the rule.
Populated in BASIC view and FULL view.
| Returns | |
|---|---|
| Type | Description |
Google\Protobuf\Internal\RepeatedField |
|
setAllowedRunFrequencies
Output only. The run frequencies that are allowed for the rule.
Populated in BASIC view and FULL view.
| Parameter | |
|---|---|
| Name | Description |
var |
int[]
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getEtag
The etag for this rule.
If this is provided on update, the request will succeed if and only if it matches the server-computed value, and will fail with an ABORTED error otherwise. Populated in BASIC view and FULL view.
| Returns | |
|---|---|
| Type | Description |
string |
|
setEtag
The etag for this rule.
If this is provided on update, the request will succeed if and only if it matches the server-computed value, and will fail with an ABORTED error otherwise. Populated in BASIC view and FULL view.
| Parameter | |
|---|---|
| Name | Description |
var |
string
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getScope
Resource name of the DataAccessScope bound to this rule.
Populated in BASIC view and FULL view.
If reference lists are used in the rule, validations will be performed
against this scope to ensure that the reference lists are compatible with
both the user's and the rule's scopes.
The scope should be in the format:
projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope}.
| Returns | |
|---|---|
| Type | Description |
string |
|
setScope
Resource name of the DataAccessScope bound to this rule.
Populated in BASIC view and FULL view.
If reference lists are used in the rule, validations will be performed
against this scope to ensure that the reference lists are compatible with
both the user's and the rule's scopes.
The scope should be in the format:
projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope}.
| Parameter | |
|---|---|
| Name | Description |
var |
string
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getCompilationDiagnostics
Output only. A list of a rule's corresponding compilation diagnostic messages such as compilation errors and compilation warnings. Populated in FULL view.
| Returns | |
|---|---|
| Type | Description |
Google\Protobuf\Internal\RepeatedField |
|
setCompilationDiagnostics
Output only. A list of a rule's corresponding compilation diagnostic messages such as compilation errors and compilation warnings. Populated in FULL view.
| Parameter | |
|---|---|
| Name | Description |
var |
array<CompilationDiagnostic>
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getNearRealTimeLiveRuleEligible
Output only. Indicate the rule can run in near real time live rule.
If this is true, the rule uses the near real time live rule when the run frequency is set to LIVE.
| Returns | |
|---|---|
| Type | Description |
bool |
|
setNearRealTimeLiveRuleEligible
Output only. Indicate the rule can run in near real time live rule.
If this is true, the rule uses the near real time live rule when the run frequency is set to LIVE.
| Parameter | |
|---|---|
| Name | Description |
var |
bool
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getInputsUsed
Output only. The set of inputs used in the rule. For example, if the rule uses $e.principal.hostname, then the uses_udm field will be true.
| Returns | |
|---|---|
| Type | Description |
InputsUsed|null |
|
hasInputsUsed
clearInputsUsed
setInputsUsed
Output only. The set of inputs used in the rule. For example, if the rule uses $e.principal.hostname, then the uses_udm field will be true.
| Parameter | |
|---|---|
| Name | Description |
var |
InputsUsed
|
| Returns | |
|---|---|
| Type | Description |
$this |
|