Creates multiple predicates.

Basic Parameters

ParameterDescription
Predicates ListList of predicates to create.

For example, here’s a list of one predicate:
[
  {
    “definition”: {
and": [<br/>        &#123;<br/>          "stringStartsWith”: {
            “message.kind”: {
value":"email",<br/>"value": "email",<br/>              "assignIfTrue”: [
                {
dstIndex":"condition.RoyalMessage.methodEmail",<br/>"dstIndex": "condition.RoyalMessage.methodEmail",<br/>                  "srcMode”: “const”,
srcParam": true<br/>                &#125;<br/>              ],<br/>              "assignIfFalse”: [
                {
dstIndex":"condition.RoyalMessage.methodEmail",<br/>"dstIndex": "condition.RoyalMessage.methodEmail",<br/>                  "srcMode”: “const”,
srcParam": false<br/>                &#125;<br/>              ]<br/>            &#125;<br/>          &#125;<br/>        &#125;,<br/>        &#123;<br/>          "stringMatch”: {
            “message.sender.email”: {
value": "@proofpoint[^\\.]*",<br/>              "assignIfTrue”: [
                {
dstIndex":"condition.RoyalMessage.emailHit",<br/>"dstIndex": "condition.RoyalMessage.emailHit",<br/>                  "srcMode”: “match”
                },
                {
dstIndex":"condition.RoyalMessage.emailHitFirst",<br/>"dstIndex": "condition.RoyalMessage.emailHitFirst",<br/>                  "srcMode”: “first”
                },
                {
dstIndex":"condition.RoyalMessage.emailHitLast",<br/>"dstIndex": "condition.RoyalMessage.emailHitLast",<br/>                  "srcMode”: “last”
                },
                {
dstIndex":"condition.RoyalMessage.emailHitRange",<br/>"dstIndex": "condition.RoyalMessage.emailHitRange",<br/>                  "srcMode”: “array”,
srcParam": [<br/>                    &#123;<br/>                      "srcMode”: “first”
                    },
                    {
srcMode": "last"<br/>                    &#125;<br/>                  ]<br/>                &#125;<br/>              ],<br/>              "assignIfFalse”: [
                {
dstIndex":"condition.RoyalMessage.emailMiss",<br/>"dstIndex": "condition.RoyalMessage.emailMiss",<br/>                  "srcMode”: “param”,
                  “srcParam”: “message.sender.email”
                }
              ]
            }
          }
        },
        {
stringBetween": &#123;<br/>            "message.sender.displayName": [<br/>              "king",<br/>              "queen"<br/>            ],<br/>            "assignIfTrue”: [
              {
dstIndex":"condition.RoyalMessage.title",<br/>"dstIndex": "condition.RoyalMessage.title",<br/>                "srcMode”: “param”,
                “$srcParam”: “message.sender.displayName”
              }
            ]
          }
        }
      ]
    },
    “details”: {
      “name”: “USA Part Codes”,
      “description”: “Two-letter codes of all USA parts including states, territories and the DC”,
      “meta”: {}
    },
    “alias”: “USA_PART_CODES”,
    “iver”: 319,
    “kind”: “it:predicate:custom:match”,
    “purposes”: [
      “it:purpose:detection:rule:condition”,
      “it:purpose:endpoint:policy:match”,
      “it:purpose:exploration:search:filter”,
      “it:purpose:authorization:abac:condition”
    ],
    “sver”: “1.2.3”,
    “createdAt”: “2018-04-12T16:36:51.700Z”,
    “createdBy”: {
      “principal”: {
        “id”: “b73fc7b3-af84-48b6-bb2f-f3afd115a453”
      },
      “clients”: [
        {
          “id”: “b73fc7b3-af84-48b6-bb2f-f3afd115a453”
        }
      ]
    },
    “updatedAt”: “2018-04-12T16:36:51.700Z”,
    “updatedBy”: {
      “principal”: {
        “id”: “b73fc7b3-af84-48b6-bb2f-f3afd115a453”
      },
      “clients”: [
        {
          “id”: “b73fc7b3-af84-48b6-bb2f-f3afd115a453”
        }
      ]
    },
    “tenant”: 123456789,
    “extent”: “tenant”,
    “status”: “active”,
    “risk”: {
      “default”: {}
    },
    “tags”: [
      “rules”,
      “windows”,
      “agent”
    ],
    “id”: “b73fc7b3-af84-48b6-bb2f-f3afd115a453”
  }
]

Advanced Parameters

ParameterDescription
ConsistencyReturn when data is ready for read or query.
Correlation IDID to correlate multiple requests.
TimeoutTime to wait before consistency=query throws.
Transaction IDID for a transaction.

Example Output

{
	"_status": {
		"status": 0,
		"code": "string"
	},
	"_meta": {
		"stats": {
			"offset": 0,
			"limit": 0,
			"total": 0
		},
		"origin": {}
	},
	"data": [
		"string"
	]
}

Workflow Library Example

Create Predicates with Proofpoint Itm and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop