Resource: CuratedRuleSet
Describes a set of rules curated by Chronicle.
JSON representation |
---|
{ "name": string, "display_name": string, "authors": [ string ], "description": string, "platforms": [ enum ( |
Fields | |
---|---|
name | The resource name of the rule set. Format: 'projects/{project}/locations/{location}/instances/{instance}/CuratedRuleSetCategory/{curated_rule_set_category}/curatedRuleSets/{curated_rule_set}' |
display_name | Output only. The unique display name of the rule set. |
authors[] | Output only. The rule set's author(s). |
description | Output only. A description of the rule set. |
platforms[] | Output only. The platforms that the rule set targets. |
log_ | Output only. The log sources the rule set was tested against. |
create_ | Output only. Creation time of the rule set. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
update_ | Output only. Last update time of the rule set. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
tactics[] | Output only. MITRE Tactics of the rule set, e.g. TA0043. |
techniques[] | Output only. MITRE Techniques of the rule set, e.g. T1055. |
quota | Output only. Cost of the rule set. Used in calculating how many curated rule sets can be enabled. |
Platform
Represents the IT platform that this rule set targets.
Enums | |
---|---|
PLATFORM_UNSPECIFIED | Unspecified platform. |
GCP | Google Cloud. |
WINDOWS | Windows devices. |
LINUX | Linux devices. |
MACOS | macOS devices. |
AWS | Amazon Web Services. |
Quota
The cost of the rule set which is used to evaluate enabled deployments.
JSON representation |
---|
{ "quota_size": integer } |
Fields | |
---|---|
quota_size | The amount of quota this rule set consumes. |
Methods | |
---|---|
 | Counts the detections generated by a CuratedRuleSet. |
 | Gets a CuratedRuleSet. |
 | Lists CuratedRuleSets. |