Create Predicates

Creates multiple predicates.

Basic Parameters

Parameter Description

Predicates List List of predicates to create.

For example, here's a list of one predicate:
 [ { "definition": { "$and": [ { "$stringStartsWith": { "message.kind": { "$value": "email", "$assignIfTrue": [ { "$dstIndex": "condition.RoyalMessage.methodEmail", "$srcMode": "const", "$srcParam": true } ], "$assignIfFalse": [ { "$dstIndex": "condition.RoyalMessage.methodEmail", "$srcMode": "const", "$srcParam": false } ] } } }, { "$stringMatch": { "message.sender.email": { "$value": "@proofpoint[^\\.]*", "$assignIfTrue": [ { "$dstIndex": "condition.RoyalMessage.emailHit", "$srcMode": "match" }, { "$dstIndex": "condition.RoyalMessage.emailHitFirst", "$srcMode": "first" }, { "$dstIndex": "condition.RoyalMessage.emailHitLast", "$srcMode": "last" }, { "$dstIndex": "condition.RoyalMessage.emailHitRange", "$srcMode": "array", "$srcParam": [ { "$srcMode": "first" }, { "$srcMode": "last" } ] } ], "$assignIfFalse": [ { "$dstIndex": "condition.RoyalMessage.emailMiss", "$srcMode": "param", "srcParam": "message.sender.email" } ] } } }, { "$stringBetween": { "message.sender.displayName": [ "king", "queen" ], "$assignIfTrue": [ { "$dstIndex": "condition.RoyalMessage.title", "$srcMode": "param", "$srcParam": "message.sender.displayName" } ] } } ] }, "details": { "name": "USA Part Codes", "description": "Two-letter codes of all USA parts including states, territories and the DC", "meta": {} }, "alias": "USA_PART_CODES", "iver": 319, "kind": "it:predicate:custom:match", "purposes": [ "it:purpose:detection:rule:condition", "it:purpose:endpoint:policy:match", "it:purpose:exploration:search:filter", "it:purpose:authorization:abac:condition" ], "sver": "1.2.3", "createdAt": "2018-04-12T16:36:51.700Z", "createdBy": { "principal": { "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453" }, "clients": [ { "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453" } ] }, "updatedAt": "2018-04-12T16:36:51.700Z", "updatedBy": { "principal": { "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453" }, "clients": [ { "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453" } ] }, "tenant": 123456789, "extent": "tenant", "status": "active", "risk": { "default": {} }, "tags": [ "rules", "windows", "agent" ], "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453" } ]

Parameter	Description
Predicates List	List of predicates to create. For example, here's a list of one predicate: <br/>[<br/> {<br/> "definition": {<br/> "$and": [<br/> {<br/> "$stringStartsWith": {<br/> "message.kind": {<br/> "$value": "email",<br/> "$assignIfTrue": [<br/> {<br/> "$dstIndex": "condition.RoyalMessage.methodEmail",<br/> "$srcMode": "const",<br/> "$srcParam": true<br/> }<br/> ],<br/> "$assignIfFalse": [<br/> {<br/> "$dstIndex": "condition.RoyalMessage.methodEmail",<br/> "$srcMode": "const",<br/> "$srcParam": false<br/> }<br/> ]<br/> }<br/> }<br/> },<br/> {<br/> "$stringMatch": {<br/> "message.sender.email": {<br/> "$value": "@proofpoint[^\\.]*",<br/> "$assignIfTrue": [<br/> {<br/> "$dstIndex": "condition.RoyalMessage.emailHit",<br/> "$srcMode": "match"<br/> },<br/> {<br/> "$dstIndex": "condition.RoyalMessage.emailHitFirst",<br/> "$srcMode": "first"<br/> },<br/> {<br/> "$dstIndex": "condition.RoyalMessage.emailHitLast",<br/> "$srcMode": "last"<br/> },<br/> {<br/> "$dstIndex": "condition.RoyalMessage.emailHitRange",<br/> "$srcMode": "array",<br/> "$srcParam": [<br/> {<br/> "$srcMode": "first"<br/> },<br/> {<br/> "$srcMode": "last"<br/> }<br/> ]<br/> }<br/> ],<br/> "$assignIfFalse": [<br/> {<br/> "$dstIndex": "condition.RoyalMessage.emailMiss",<br/> "$srcMode": "param",<br/> "srcParam": "message.sender.email"<br/> }<br/> ]<br/> }<br/> }<br/> },<br/> {<br/> "$stringBetween": {<br/> "message.sender.displayName": [<br/> "king",<br/> "queen"<br/> ],<br/> "$assignIfTrue": [<br/> {<br/> "$dstIndex": "condition.RoyalMessage.title",<br/> "$srcMode": "param",<br/> "$srcParam": "message.sender.displayName"<br/> }<br/> ]<br/> }<br/> }<br/> ]<br/> },<br/> "details": {<br/> "name": "USA Part Codes",<br/> "description": "Two-letter codes of all USA parts including states, territories and the DC",<br/> "meta": {}<br/> },<br/> "alias": "USA_PART_CODES",<br/> "iver": 319,<br/> "kind": "it:predicate:custom:match",<br/> "purposes": [<br/> "it:purpose:detection:rule:condition",<br/> "it:purpose:endpoint:policy:match",<br/> "it:purpose:exploration:search:filter",<br/> "it:purpose:authorization:abac:condition"<br/> ],<br/> "sver": "1.2.3",<br/> "createdAt": "2018-04-12T16:36:51.700Z",<br/> "createdBy": {<br/> "principal": {<br/> "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"<br/> },<br/> "clients": [<br/> {<br/> "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"<br/> }<br/> ]<br/> },<br/> "updatedAt": "2018-04-12T16:36:51.700Z",<br/> "updatedBy": {<br/> "principal": {<br/> "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"<br/> },<br/> "clients": [<br/> {<br/> "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"<br/> }<br/> ]<br/> },<br/> "tenant": 123456789,<br/> "extent": "tenant",<br/> "status": "active",<br/> "risk": {<br/> "default": {}<br/> },<br/> "tags": [<br/> "rules",<br/> "windows",<br/> "agent"<br/> ],<br/> "id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"<br/> }<br/>]<br/>

Advanced Parameters

Parameter	Description
Consistency	Return when data is ready for read or query.
Correlation ID	ID to correlate multiple requests.
Timeout	Time to wait before consistency=query throws.
Transaction ID	ID for a transaction.

Example Output

{
    "_status": {
        "status": 0,
        "code": "string"
    },
    "_meta": {
        "stats": {
            "offset": 0,
            "limit": 0,
            "total": 0
        },
        "origin": {}
    },
    "data": [
        "string"
    ]
}

Workflow Library Example

Create Predicates with Proofpoint Itm and Send Results Via Email

Preview this Workflow on desktop

Create Predicates

Basic Parameters​

Advanced Parameters​

Example Output​

Workflow Library Example​

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example