Auto-Generated Documentation
This set of documentation is automatically generated from source, and will help ensure any change to functionality will always be documented and available on release.
Rule¶
Rule fields are used to capture the specifics of any observer or agent rules that generate alerts or other notable events.
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| author | Keyword | Name, organization, or pseudonym of the author or authors who created the rule used to generate this event. | Optional | None |
| category | Keyword | A categorization value keyword used by the entity using the rule for detection of this event. | Optional | None |
| description | Keyword | The description of the rule generating the event. | Optional | None |
| id | Keyword | A rule ID that is unique within the scope of an agent, observer, or other entity using the rule for detection of this event. | Optional | None |
| license | Keyword | Name of the license under which the rule used to generate this event is made available. | Optional | None |
| name | Keyword | The name of the rule or signature generating the event. | Optional | None |
| reference | Keyword | Reference URL to additional information about the rule used to generate this event. | Optional | None |
| ruleset | Keyword | Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. | Optional | None |
| uuid | Keyword | A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. | Optional | None |
| version | Keyword | The version / revision of the rule being used for analysis. | Optional | None |