Reference documentation and code samples for the Chronicle V1 API class Google::Cloud::Chronicle::V1::Rule.
The Rule resource represents a user-created rule.
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#allowed_run_frequencies
def allowed_run_frequencies() -> ::Array<::Google::Cloud::Chronicle::V1::RunFrequency>
Returns
- (::Array<::Google::Cloud::Chronicle::V1::RunFrequency>) — Output only. The run frequencies that are allowed for the rule. Populated in BASIC view and FULL view.
#author
def author() -> ::String
Returns
- (::String) — Output only. The author of the rule. Extracted from the meta section of text. Populated in BASIC view and FULL view.
#compilation_diagnostics
def compilation_diagnostics() -> ::Array<::Google::Cloud::Chronicle::V1::CompilationDiagnostic>
Returns
- (::Array<::Google::Cloud::Chronicle::V1::CompilationDiagnostic>) — Output only. A list of a rule's corresponding compilation diagnostic messages such as compilation errors and compilation warnings. Populated in FULL view.
#compilation_state
def compilation_state() -> ::Google::Cloud::Chronicle::V1::Rule::CompilationState
Returns
- (::Google::Cloud::Chronicle::V1::Rule::CompilationState) — Output only. The current compilation state of the rule. Populated in FULL view.
#create_time
def create_time() -> ::Google::Protobuf::Timestamp
Returns
- (::Google::Protobuf::Timestamp) — Output only. The timestamp of when the rule was created. Populated in FULL view.
#display_name
def display_name() -> ::String
Returns
- (::String) — Output only. Display name of the rule. Populated in BASIC view and FULL view.
#etag
def etag() -> ::String
Returns
- (::String) — The etag for this rule. If this is provided on update, the request will succeed if and only if it matches the server-computed value, and will fail with an ABORTED error otherwise. Populated in BASIC view and FULL view.
#etag=
def etag=(value) -> ::String
Parameter
- value (::String) — The etag for this rule. If this is provided on update, the request will succeed if and only if it matches the server-computed value, and will fail with an ABORTED error otherwise. Populated in BASIC view and FULL view.
Returns
- (::String) — The etag for this rule. If this is provided on update, the request will succeed if and only if it matches the server-computed value, and will fail with an ABORTED error otherwise. Populated in BASIC view and FULL view.
#inputs_used
def inputs_used() -> ::Google::Cloud::Chronicle::V1::InputsUsed
Returns
- (::Google::Cloud::Chronicle::V1::InputsUsed) — Output only. The set of inputs used in the rule. For example, if the rule uses $e.principal.hostname, then the uses_udm field will be true.
#metadata
def metadata() -> ::Google::Protobuf::Map{::String => ::String}
Returns
- (::Google::Protobuf::Map{::String => ::String}) — Output only. Additional metadata specified in the meta section of text. Populated in FULL view.
#name
def name() -> ::String
Returns
- (::String) — Identifier. Full resource name for the rule. Format: projects/{project}/locations/{location}/instances/{instance}/rules/{rule}
#name=
def name=(value) -> ::String
Parameter
- value (::String) — Identifier. Full resource name for the rule. Format: projects/{project}/locations/{location}/instances/{instance}/rules/{rule}
Returns
- (::String) — Identifier. Full resource name for the rule. Format: projects/{project}/locations/{location}/instances/{instance}/rules/{rule}
#near_real_time_live_rule_eligible
def near_real_time_live_rule_eligible() -> ::Boolean
Returns
- (::Boolean) — Output only. Indicates whether the rule can run as a near real-time live rule. If this is true, the rule uses the near real-time live rule when the run frequency is set to LIVE.
#reference_lists
def reference_lists() -> ::Array<::String>
Returns
- (::Array<::String>) — Output only. Resource names of the reference lists used in this rule. Populated in FULL view.
#revision_create_time
def revision_create_time() -> ::Google::Protobuf::Timestamp
Returns
- (::Google::Protobuf::Timestamp) — Output only. The timestamp of when the rule revision was created. Populated in FULL, REVISION_METADATA_ONLY views.
#revision_id
def revision_id() -> ::String
Returns
- (::String) — Output only. The revision ID of the rule. A new revision is created whenever the rule text is changed in any way. Format: v_{10 digits}_{9 digits}. Populated in REVISION_METADATA_ONLY view and FULL view.
#scope
def scope() -> ::String
Returns
- (::String) — Resource name of the DataAccessScope bound to this rule. Populated in BASIC view and FULL view. If reference lists are used in the rule, validations will be performed against this scope to ensure that the reference lists are compatible with both the user's and the rule's scopes. The scope should be in the format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope}
#scope=
def scope=(value) -> ::String
Parameter
- value (::String) — Resource name of the DataAccessScope bound to this rule. Populated in BASIC view and FULL view. If reference lists are used in the rule, validations will be performed against this scope to ensure that the reference lists are compatible with both the user's and the rule's scopes. The scope should be in the format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope}
Returns
- (::String) — Resource name of the DataAccessScope bound to this rule. Populated in BASIC view and FULL view. If reference lists are used in the rule, validations will be performed against this scope to ensure that the reference lists are compatible with both the user's and the rule's scopes. The scope should be in the format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope}
#severity
def severity() -> ::Google::Cloud::Chronicle::V1::Severity
Returns
- (::Google::Cloud::Chronicle::V1::Severity) — Output only. The severity of the rule as specified in the meta section of text. Populated in BASIC view and FULL view.
#text
def text() -> ::String
Returns
- (::String) — The YARA-L content of the rule. Populated in FULL view.
#text=
def text=(value) -> ::String
Parameter
- value (::String) — The YARA-L content of the rule. Populated in FULL view.
Returns
- (::String) — The YARA-L content of the rule. Populated in FULL view.
#type
def type() -> ::Google::Cloud::Chronicle::V1::RuleType
Returns
- (::Google::Cloud::Chronicle::V1::RuleType) — Output only. User-facing type of the rule. Extracted from the events section of rule text. Populated in BASIC view and FULL view.
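An added example, not part of this reference page or of the client library: a pre-flight check in Ruby for the name, scope and revision_id formats documented above, of the kind a detection-as-code pipeline might run before submitting a rule. The method name check_rule_fields, the character class allowed in each {placeholder} segment, the same-instance comparison between rule and scope, and all sample values are assumptions of this example.

```ruby
# Added example: offline format checks for Rule identifiers (not library code).

# Assumption: a {placeholder} segment is any run of characters without '/' or
# whitespace. The page gives only the overall shape of each resource name.
SEG = '[^/\s]+'
INSTANCE = "projects/(?<project>#{SEG})/locations/(?<location>#{SEG})" \
           "/instances/(?<instance>#{SEG})"

# \A and \z anchor the whole string. Ruby's ^ and $ are line anchors, so a
# value such as "<valid name>\n<anything>" would pass a ^...$ pattern.
RULE_NAME   = %r{\A#{INSTANCE}/rules/(?<rule>#{SEG})\z}
SCOPE_NAME  = %r{\A#{INSTANCE}/dataAccessScopes/(?<scope>#{SEG})\z}
REVISION_ID = /\Av_\d{10}_\d{9}\z/

# Returns a list of problems; an empty list means every supplied field parsed.
def check_rule_fields(name:, scope: nil, revision_id: nil)
  errors = []
  rule = RULE_NAME.match(name.to_s)
  errors << "name: not a rule resource name" unless rule

  if scope && !scope.empty?
    sc = SCOPE_NAME.match(scope)
    if sc.nil?
      errors << "scope: not a DataAccessScope resource name"
    elsif rule && %i[project location instance].any? { |k| rule[k] != sc[k] }
      # Assumed policy for this example, not a rule stated on the page.
      errors << "scope: belongs to a different instance than the rule"
    end
  end

  if revision_id && !REVISION_ID.match?(revision_id.to_s)
    errors << "revision_id: expected v_{10 digits}_{9 digits}"
  end
  errors
end

if __FILE__ == $0
  # Constructed sample values, not taken from a real Chronicle instance.
  base = "projects/p1/locations/us/instances/i1"
  puts check_rule_fields(name: "#{base}/rules/ru_demo",
                         scope: "#{base}/dataAccessScopes/soc-tier1",
                         revision_id: "v_1733917896_973567000").inspect
  puts check_rule_fields(name: "#{base}/rules/ru_demo\nprojects/x",
                         revision_id: "v_123_456").inspect
end
```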