public sealed class Rule : IMessage<Rule>, IEquatable<Rule>, IDeepCloneable<Rule>, IBufferMessage, IMessageReference documentation and code samples for the Chronicle v1 API class Rule.
The Rule resource represents a user-created rule. NEXT TAG: 21
Namespace
Google.Cloud.Chronicle.V1Assembly
Google.Cloud.Chronicle.V1.dll
Constructors
Rule()
public Rule()Rule(Rule)
public Rule(Rule other)| Parameter | |
|---|---|
| Name | Description |
other |
Rule |
Properties
AllowedRunFrequencies
public RepeatedField<RunFrequency> AllowedRunFrequencies { get; }Output only. The run frequencies that are allowed for the rule. Populated in BASIC view and FULL view.
| Property Value | |
|---|---|
| Type | Description |
RepeatedFieldRunFrequency |
|
Author
public string Author { get; set; }Output only. The author of the rule. Extracted from the meta section of text. Populated in BASIC view and FULL view.
| Property Value | |
|---|---|
| Type | Description |
string |
|
CompilationDiagnostics
public RepeatedField<CompilationDiagnostic> CompilationDiagnostics { get; }Output only. A list of a rule's corresponding compilation diagnostic messages such as compilation errors and compilation warnings. Populated in FULL view.
| Property Value | |
|---|---|
| Type | Description |
RepeatedFieldCompilationDiagnostic |
|
CompilationState
public Rule.Types.CompilationState CompilationState { get; set; }Output only. The current compilation state of the rule. Populated in FULL view.
| Property Value | |
|---|---|
| Type | Description |
RuleTypesCompilationState |
|
CreateTime
public Timestamp CreateTime { get; set; }Output only. The timestamp of when the rule was created. Populated in FULL view.
| Property Value | |
|---|---|
| Type | Description |
Timestamp |
|
DisplayName
public string DisplayName { get; set; }Output only. Display name of the rule. Populated in BASIC view and FULL view.
| Property Value | |
|---|---|
| Type | Description |
string |
|
Etag
public string Etag { get; set; }The etag for this rule. If this is provided on update, the request will succeed if and only if it matches the server-computed value, and will fail with an ABORTED error otherwise. Populated in BASIC view and FULL view.
| Property Value | |
|---|---|
| Type | Description |
string |
|
InputsUsed
public InputsUsed InputsUsed { get; set; }Output only. The set of inputs used in the rule. For example, if the rule uses $e.principal.hostname, then the uses_udm field will be true.
| Property Value | |
|---|---|
| Type | Description |
InputsUsed |
|
Metadata
public MapField<string, string> Metadata { get; }Output only. Additional metadata specified in the meta section of text. Populated in FULL view.
| Property Value | |
|---|---|
| Type | Description |
MapFieldstringstring |
|
Name
public string Name { get; set; }Identifier. Full resource name for the rule.
Format:
projects/{project}/locations/{location}/instances/{instance}/rules/{rule}
| Property Value | |
|---|---|
| Type | Description |
string |
|
NearRealTimeLiveRuleEligible
public bool NearRealTimeLiveRuleEligible { get; set; }Output only. Indicate the rule can run in near real time live rule. If this is true, the rule uses the near real time live rule when the run frequency is set to LIVE.
| Property Value | |
|---|---|
| Type | Description |
bool |
|
ReferenceLists
public RepeatedField<string> ReferenceLists { get; }Output only. Resource names of the reference lists used in this rule. Populated in FULL view.
| Property Value | |
|---|---|
| Type | Description |
RepeatedFieldstring |
|
ReferenceListsAsReferenceListNames
public ResourceNameList<ReferenceListName> ReferenceListsAsReferenceListNames { get; }ReferenceListName-typed view over the ReferenceLists resource name property.
| Property Value | |
|---|---|
| Type | Description |
ResourceNameListReferenceListName |
|
RevisionCreateTime
public Timestamp RevisionCreateTime { get; set; }Output only. The timestamp of when the rule revision was created. Populated in FULL, REVISION_METADATA_ONLY views.
| Property Value | |
|---|---|
| Type | Description |
Timestamp |
|
RevisionId
public string RevisionId { get; set; }Output only. The revision ID of the rule.
A new revision is created whenever the rule text is changed in any way.
Format: v_{10 digits}_{9 digits}
Populated in REVISION_METADATA_ONLY view and FULL view.
| Property Value | |
|---|---|
| Type | Description |
string |
|
RuleName
public RuleName RuleName { get; set; }| Property Value | |
|---|---|
| Type | Description |
RuleName |
|
Scope
public string Scope { get; set; }Resource name of the DataAccessScope bound to this rule.
Populated in BASIC view and FULL view.
If reference lists are used in the rule, validations will be performed
against this scope to ensure that the reference lists are compatible with
both the user's and the rule's scopes.
The scope should be in the format:
projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope}.
| Property Value | |
|---|---|
| Type | Description |
string |
|
ScopeAsDataAccessScopeName
public DataAccessScopeName ScopeAsDataAccessScopeName { get; set; }DataAccessScopeName-typed view over the Scope resource name property.
| Property Value | |
|---|---|
| Type | Description |
DataAccessScopeName |
|
Severity
public Severity Severity { get; set; }Output only. The severity of the rule as specified in the meta section of text. Populated in BASIC view and FULL view.
| Property Value | |
|---|---|
| Type | Description |
Severity |
|
Text
public string Text { get; set; }The YARA-L content of the rule. Populated in FULL view.
| Property Value | |
|---|---|
| Type | Description |
string |
|
Type
public RuleType Type { get; set; }Output only. User-facing type of the rule. Extracted from the events section of rule text. Populated in BASIC view and FULL view.
| Property Value | |
|---|---|
| Type | Description |
RuleType |
|