Rule(mapping=None, *, ignore_unknown_fields=False, **kwargs)The Rule resource represents a user-created rule. NEXT TAG: 21
Attributes |
|
|---|---|
| Name | Description |
name |
str
Identifier. Full resource name for the rule. Format: projects/{project}/locations/{location}/instances/{instance}/rules/{rule}
|
revision_id |
str
Output only. The revision ID of the rule. A new revision is created whenever the rule text is changed in any way. Format: v_{10 digits}_{9 digits} Populated in
REVISION_METADATA_ONLY view and FULL view.
|
display_name |
str
Output only. Display name of the rule. Populated in BASIC view and FULL view. |
text |
str
The YARA-L content of the rule. Populated in FULL view. |
author |
str
Output only. The author of the rule. Extracted from the meta section of text. Populated in BASIC view and FULL view. |
severity |
google.cloud.chronicle_v1.types.Severity
Output only. The severity of the rule as specified in the meta section of text. Populated in BASIC view and FULL view. |
metadata |
MutableMapping[str, str]
Output only. Additional metadata specified in the meta section of text. Populated in FULL view. |
create_time |
google.protobuf.timestamp_pb2.Timestamp
Output only. The timestamp of when the rule was created. Populated in FULL view. |
revision_create_time |
google.protobuf.timestamp_pb2.Timestamp
Output only. The timestamp of when the rule revision was created. Populated in FULL, REVISION_METADATA_ONLY views. |
compilation_state |
google.cloud.chronicle_v1.types.Rule.CompilationState
Output only. The current compilation state of the rule. Populated in FULL view. |
type_ |
google.cloud.chronicle_v1.types.RuleType
Output only. User-facing type of the rule. Extracted from the events section of rule text. Populated in BASIC view and FULL view. |
reference_lists |
MutableSequence[str]
Output only. Resource names of the reference lists used in this rule. Populated in FULL view. |
allowed_run_frequencies |
MutableSequence[google.cloud.chronicle_v1.types.RunFrequency]
Output only. The run frequencies that are allowed for the rule. Populated in BASIC view and FULL view. |
etag |
str
The etag for this rule. If this is provided on update, the request will succeed if and only if it matches the server-computed value, and will fail with an ABORTED error otherwise. Populated in BASIC view and FULL view. |
scope |
str
Resource name of the DataAccessScope bound to this rule. Populated in BASIC view and FULL view. If reference lists are used in the rule, validations will be performed against this scope to ensure that the reference lists are compatible with both the user's and the rule's scopes. The scope should be in the format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope}.
|
compilation_diagnostics |
MutableSequence[google.cloud.chronicle_v1.types.CompilationDiagnostic]
Output only. A list of a rule's corresponding compilation diagnostic messages such as compilation errors and compilation warnings. Populated in FULL view. |
near_real_time_live_rule_eligible |
bool
Output only. Indicate the rule can run in near real time live rule. If this is true, the rule uses the near real time live rule when the run frequency is set to LIVE. |
inputs_used |
google.cloud.chronicle_v1.types.InputsUsed
Output only. The set of inputs used in the rule. For example, if the rule uses $e.principal.hostname, then the uses_udm field will be true. |
Classes
CompilationState
CompilationState(value)The current compilation state of the rule.
MetadataEntry
MetadataEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)The abstract base class for a message.
| Parameters | |
|---|---|
| Name | Description |
kwargs |
dict
Keys and values corresponding to the fields of the message. |
mapping |
Union[dict,
A dictionary or message to be used to determine the values for this message. |
ignore_unknown_fields |
Optional(bool)
If True, do not raise errors for unknown fields. Only applied if |