| Rules List | List of rules represented by json objects to create.
For example, here’s a list of one rule:
[
{
“kind”: “it:rule:detection”,
“predicate”: {
“id”: “b73fc7b3-af84-48b6-bb2f-f3afd115a453”,
“definition”: {},
“patterns”: [
{}
],
“predicates”: [
{}
],
“lists”: [
{}
]
},
“actions”: [
[
{
“kind”: “it:rule:action:kind:incident”,
“parameters”: {
“probability”: 0.15,
“impact”: 0.1,
“score”: 0.015,
“urgency”: 0.2,
“severity”: “incident:severity:100:low”
}
},
{
“kind”: “it:rule:action:kind:notification”,
“parameters”: {
“target”: {
“id”: “someUUID”
}
}
}
],
[
{
“kind”: “it:rule:action:kind:incident”,
“parameters”: {
“probability”: 0.15,
“impact”: 0.1,
“score”: 0.015,
“urgency”: 0.2,
“severity”: “incident:severity:100:low”
}
},
{
“kind”: “it:rule:action:kind:notification”,
“parameters”: {
“target”: {
“id”: “someUUID”
}
}
}
],
[
{
“kind”: “it:rule:action:kind:incident”,
“parameters”: {
“probability”: 0.15,
“impact”: 0.1,
“score”: 0.015,
“urgency”: 0.2,
“severity”: “incident:severity:100:low”
}
},
{
“kind”: “it:rule:action:kind:notification”,
“parameters”: {
“target”: {
“id”: “someUUID”
}
}
}
],
[
{
“kind”: “it:rule:action:kind:incident”,
“parameters”: {
“probability”: 0.15,
“impact”: 0.1,
“score”: 0.015,
“urgency”: 0.2,
“severity”: “incident:severity:100:low”
}
},
{
“kind”: “it:rule:action:kind:notification”,
“parameters”: {
“target”: {
“id”: “someUUID”
}
}
}
],
[
{
“kind”: “it:rule:action:kind:incident”,
“parameters”: {
“probability”: 0.15,
“impact”: 0.1,
“score”: 0.015,
“urgency”: 0.2,
“severity”: “incident:severity:100:low”
}
},
{
“kind”: “it:rule:action:kind:notification”,
“parameters”: {
“target”: {
“id”: “someUUID”
}
}
}
],
[
{
“kind”: “it:rule:action:kind:incident”,
“parameters”: {
“probability”: 0.15,
“impact”: 0.1,
“score”: 0.015,
“urgency”: 0.2,
“severity”: “incident:severity:100:low”
}
},
{
“kind”: “it:rule:action:kind:notification”,
“parameters”: {
“target”: {
“id”: “someUUID”
}
}
}
],
[
{
“kind”: “it:rule:action:kind:incident”,
“parameters”: {
“probability”: 0.15,
“impact”: 0.1,
“score”: 0.015,
“urgency”: 0.2,
“severity”: “incident:severity:100:low”
}
},
{
“kind”: “it:rule:action:kind:notification”,
“parameters”: {
“target”: {
“id”: “someUUID”
}
}
}
],
[
{
“kind”: “it:rule:action:kind:incident”,
“parameters”: {
“probability”: 0.15,
“impact”: 0.1,
“score”: 0.015,
“urgency”: 0.2,
“severity”: “incident:severity:100:low”
}
},
{
“kind”: “it:rule:action:kind:notification”,
“parameters”: {
“target”: {
“id”: “someUUID”
}
}
}
],
[
{
“kind”: “it:rule:action:kind:incident”,
“parameters”: {
“probability”: 0.15,
“impact”: 0.1,
“score”: 0.015,
“urgency”: 0.2,
“severity”: “incident:severity:100:low”
}
},
{
“kind”: “it:rule:action:kind:notification”,
“parameters”: {
“target”: {
“id”: “someUUID”
}
}
}
],
[
{
“kind”: “it:rule:action:kind:incident”,
“parameters”: {
“probability”: 0.15,
“impact”: 0.1,
“score”: 0.015,
“urgency”: 0.2,
“severity”: “incident:severity:100:low”
}
},
{
“kind”: “it:rule:action:kind:notification”,
“parameters”: {
“target”: {
“id”: “someUUID”
}
}
}
]
],
“target”: {
“defaults”: [
{
“kind”: “endpoint:agent”,
“overlay”: true
}
],
“realms”: [
{
“id”: “b73fc7b3-af84-48b6-bb2f-f3afd115a453”,
“overlay”: true
}
]
},
“options”: {
“filter”: {
“simple”: {
“include”: [
{
“activity.clumps.primary.item.designations”: [
“it:activity:clump:item:first”,
“it:activity:clump:item:intermediate”,
“it:activity:clump:item:last”
]
}
]
}
}
},
“details”: {
“name”: “USA Part Codes”,
“description”: “Two-letter codes of all USA parts including states, territories and the DC”
},
“alias”: “USA_PART_CODES”,
“iver”: 319,
“sver”: “1.2.3”,
“createdAt”: “2018-04-12T16:36:51.700Z”,
“createdBy”: {
“principal”: {
“id”: “b73fc7b3-af84-48b6-bb2f-f3afd115a453”
}
},
“updatedAt”: “2018-04-12T16:36:51.700Z”,
“updatedBy”: {
“principal”: {
“id”: “b73fc7b3-af84-48b6-bb2f-f3afd115a453”
}
},
“tenant”: 123456789,
“extent”: “tenant”,
“status”: “active”,
“tags”: [
“rules”,
“windows”,
“agent”
],
“id”: “b73fc7b3-af84-48b6-bb2f-f3afd115a453”
}
]
|
