Create Predicates

Creates multiple predicates.

Basic Parameters

Parameter

Description

Predicates List

List of predicates to create.For example, here's a list of one predicate: [ { "definition": { "$and": [ { "$stringStartsWith": { "message.kind": { "$value": "email", "$assignIfTrue": [ { "$dstIndex": "condition.RoyalMessage.methodEmail", "$srcMode": "const", "$srcParam": true } ], "$assignIfFalse": [ { "$dstIndex": "condition.RoyalMessage.methodEmail", "$srcMode": "const", "$srcParam": false } ] } } }, { "$stringMatch": { "message.sender.email": { "$value": "@proofpoint\\.*", "$assignIfTrue": [ { "$dstIndex": "condition.RoyalMessage.emailHit", "$srcMode": "match" }, { "$dstIndex": "condition.RoyalMessage.emailHitFirst", "$srcMode": "first" }, { "$dstIndex": "condition.RoyalMessage.emailHitLast", "$srcMode": "last" }, { "$dstIndex": "condition.RoyalMessage.emailHitRange", "$srcMode": "array", "$srcParam": [ { "$srcMode": "first" }, { "$srcMode": "last" } ] } ], "$assignIfFalse": [ { "$dstIndex": "condition.RoyalMessage.emailMiss", "$srcMode": "param", "srcParam": "message.sender.email" } ] } } }, { "$stringBetween": { "message.sender.displayName": [ "king", "queen" ], "$assignIfTrue": [ { "$dstIndex": "condition.RoyalMessage.title", "$srcMode": "param", "$srcParam": "message.sender.displayName" } ] } } ] }, "details": { "name": "USA Part Codes", "description": "Two-letter codes of all USA parts including states, territories and the DC", "meta": {} }, "alias": "USA_PART_CODES", "iver": 319, "kind": "it:predicate:custom:match", "purposes": [ "it:purpose:detection:rule:condition", "it:purpose:endpoint:policy:match", "it:purpose:exploration:search:filter", "it:purpose:authorization:abac:condition" ], "sver": "1.2.3", "createdAt": "2018-04-12T16:36:51.700Z", "createdBy": { "principal": { "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453" }, "clients": [ { "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453" } ] }, "updatedAt": "2018-04-12T16:36:51.700Z", "updatedBy": { "principal": { "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453" }, "clients": [ { "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453" } ] }, "tenant": 123456789, "extent": "tenant", "status": "active", "risk": { "default": {} }, "tags": [ "rules", "windows", "agent" ], "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453" }]

Advanced Parameters

Parameter	Description
Consistency	Return when data is ready for read or query.
Correlation ID	ID to correlate multiple requests.
Timeout	Time to wait before consistency=query throws.
Transaction ID	ID for a transaction.

Example Output

{
    "_status": {
        "status": 0,
        "code": "string"
    },
    "_meta": {
        "stats": {
            "offset": 0,
            "limit": 0,
            "total": 0
        },
        "origin": {}
    },
    "data": [
        "string"
    ]
}

Workflow Library Example

Create Predicates with Proofpoint Itm and Send Results Via Email

Preview this Workflow on desktop