Predicates List | List of predicates to create.
For example, here’s a list of one predicate:
[ { “definition”: { “and": [<br/> {<br/> "stringStartsWith”: { “message.kind”: { “value":"email",<br/>"assignIfTrue”: [ { “dstIndex":"condition.RoyalMessage.methodEmail",<br/>"srcMode”: “const”, “srcParam": true<br/> }<br/> ],<br/> "assignIfFalse”: [ { “dstIndex":"condition.RoyalMessage.methodEmail",<br/>"srcMode”: “const”, “srcParam": false<br/> }<br/> ]<br/> }<br/> }<br/> },<br/> {<br/> "stringMatch”: { “message.sender.email”: { “value": "@proofpoint[^\\.]*",<br/> "assignIfTrue”: [ { “dstIndex":"condition.RoyalMessage.emailHit",<br/>"srcMode”: “match” }, { “dstIndex":"condition.RoyalMessage.emailHitFirst",<br/>"srcMode”: “first” }, { “dstIndex":"condition.RoyalMessage.emailHitLast",<br/>"srcMode”: “last” }, { “dstIndex":"condition.RoyalMessage.emailHitRange",<br/>"srcMode”: “array”, “srcParam": [<br/> {<br/> "srcMode”: “first” }, { “srcMode": "last"<br/> }<br/> ]<br/> }<br/> ],<br/> "assignIfFalse”: [ { “dstIndex":"condition.RoyalMessage.emailMiss",<br/>"srcMode”: “param”, “srcParam”: “message.sender.email” } ] } } }, { “stringBetween": {<br/> "message.sender.displayName": [<br/> "king",<br/> "queen"<br/> ],<br/> "assignIfTrue”: [ { “dstIndex":"condition.RoyalMessage.title",<br/>"srcMode”: “param”, “$srcParam”: “message.sender.displayName” } ] } } ] }, “details”: { “name”: “USA Part Codes”, “description”: “Two-letter codes of all USA parts including states, territories and the DC”, “meta”: {} }, “alias”: “USA_PART_CODES”, “iver”: 319, “kind”: “it:predicate:custom:match”, “purposes”: [ “it:purpose:detection:rule:condition”, “it:purpose:endpoint:policy:match”, “it:purpose:exploration:search:filter”, “it:purpose:authorization:abac:condition” ], “sver”: “1.2.3”, “createdAt”: “2018-04-12T16:36:51.700Z”, “createdBy”: { “principal”: { “id”: “b73fc7b3-af84-48b6-bb2f-f3afd115a453” }, “clients”: [ { “id”: “b73fc7b3-af84-48b6-bb2f-f3afd115a453” } ] }, “updatedAt”: “2018-04-12T16:36:51.700Z”, “updatedBy”: { “principal”: { “id”: “b73fc7b3-af84-48b6-bb2f-f3afd115a453” }, “clients”: [ { “id”: “b73fc7b3-af84-48b6-bb2f-f3afd115a453” } ] }, “tenant”: 123456789, “extent”: “tenant”, “status”: “active”, “risk”: { “default”: {} }, “tags”: [ “rules”, “windows”, “agent” ], “id”: “b73fc7b3-af84-48b6-bb2f-f3afd115a453” } ]
|