Resource: CuratedRuleSet
Describes a set of rules curated by Chronicle.
| JSON representation |
|---|
{ "name": string, "display_name": string, "authors": [ string ], "description": string, "platforms": [ enum ( |
| Fields | |
|---|---|
name |
The resource name of the rule set. Format: 'projects/{project}/locations/{location}/instances/{instance}/CuratedRuleSetCategory/{curated_rule_set_category}/curatedRuleSets/{curated_rule_set}' |
display_name |
Output only. The unique display name of the rule set. |
authors[] |
Output only. The rule set's author(s). |
description |
Output only. A description of the rule set. |
platforms[] |
Output only. The platforms that the rule set targets. |
log_sources[] |
Output only. The log sources the rule set was tested against. |
create_time |
Output only. Creation time of the rule set. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
update_time |
Output only. Last update time of the rule set. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
tactics[] |
Output only. MITRE Tactics of the rule set. e.g. TA0043 |
techniques[] |
Output only. MITRE Techniques of the rule set. e.g. T1055 |
quota |
Output only. Cost of the rule set. Used in calculating how many curated rule sets can be enabled. |
Platform
Represents the IT platform that this rule set targets.
| Enums | |
|---|---|
PLATFORM_UNSPECIFIED |
Unspecified platform. |
GCP |
Google Cloud. |
WINDOWS |
Windows devices. |
LINUX |
Linux devices. |
MACOS |
macOS devices. |
AWS |
Amazon Web Services. |
Quota
The cost of the rule set which is used to evaluate enabled deployments.
| JSON representation |
|---|
{ "quota_size": integer } |
| Fields | |
|---|---|
quota_size |
The amount of quota this rule set consumes. |
Methods |
|
|---|---|
|
Counts the detections generated by a CuratedRuleSet. |
|
Gets a CuratedRuleSet. |
|
Lists CuratedRuleSets. |