Class: Google::Cloud::Chronicle::V1::Rule

Inherits:

Object

• Object
• Google::Cloud::Chronicle::V1::Rule

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/chronicle/v1/rule.rb

Overview

The Rule resource represents a user-created rule. NEXT TAG: 21

Defined Under Namespace

Modules: CompilationState Classes: MetadataEntry

Instance Attribute Summary

• #allowed_run_frequencies ⇒ ::Array<::Google::Cloud::Chronicle::V1::RunFrequency> readonly

  Output only.

• #author ⇒ ::String readonly

  Output only.

• #compilation_diagnostics ⇒ ::Array<::Google::Cloud::Chronicle::V1::CompilationDiagnostic> readonly

  Output only.

• #compilation_state ⇒ ::Google::Cloud::Chronicle::V1::Rule::CompilationState readonly

  Output only.

• #create_time ⇒ ::Google::Protobuf::Timestamp readonly

  Output only.

• #display_name ⇒ ::String readonly

  Output only.

• #etag ⇒ ::String

  The etag for this rule.

• #inputs_used ⇒ ::Google::Cloud::Chronicle::V1::InputsUsed readonly

  Output only.

• #metadata ⇒ ::Google::Protobuf::Map{::String => ::String} readonly

  Output only.

• #name ⇒ ::String

  Identifier.

• #near_real_time_live_rule_eligible ⇒ ::Boolean readonly

  Output only.

• #reference_lists ⇒ ::Array<::String> readonly

  Output only.

• #revision_create_time ⇒ ::Google::Protobuf::Timestamp readonly

  Output only.

• #revision_id ⇒ ::String readonly

  Output only.

• #scope ⇒ ::String

  Resource name of the DataAccessScope bound to this rule.

• #severity ⇒ ::Google::Cloud::Chronicle::V1::Severity readonly

  Output only.

• #text ⇒ ::String

  The YARA-L content of the rule.

• #type ⇒ ::Google::Cloud::Chronicle::V1::RuleType readonly

  Output only.

Instance Attribute Details

#allowed_run_frequencies ⇒ ::Array<::Google::Cloud::Chronicle::V1::RunFrequency> (readonly)

Returns Output only. The run frequencies that are allowed for the rule. Populated in BASIC view and FULL view.

Returns:

• (::Array<::Google::Cloud::Chronicle::V1::RunFrequency>) —

  Output only. The run frequencies that are allowed for the rule. Populated in BASIC view and FULL view.

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end

#author ⇒ ::String (readonly)

Returns Output only. The author of the rule. Extracted from the meta section of text. Populated in BASIC view and FULL view.

Returns:

• (::String) —

  Output only. The author of the rule. Extracted from the meta section of text. Populated in BASIC view and FULL view.

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end

#compilation_diagnostics ⇒ ::Array<::Google::Cloud::Chronicle::V1::CompilationDiagnostic> (readonly)

Returns Output only. A list of a rule's corresponding compilation diagnostic messages such as compilation errors and compilation warnings. Populated in FULL view.

Returns:

• (::Array<::Google::Cloud::Chronicle::V1::CompilationDiagnostic>) —

  Output only. A list of a rule's corresponding compilation diagnostic messages such as compilation errors and compilation warnings. Populated in FULL view.

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end

#compilation_state ⇒ ::Google::Cloud::Chronicle::V1::Rule::CompilationState (readonly)

Returns Output only. The current compilation state of the rule. Populated in FULL view.

Returns:

• (::Google::Cloud::Chronicle::V1::Rule::CompilationState) —

  Output only. The current compilation state of the rule. Populated in FULL view.

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end

#create_time ⇒ ::Google::Protobuf::Timestamp (readonly)

Returns Output only. The timestamp of when the rule was created. Populated in FULL view.

Returns:

• (::Google::Protobuf::Timestamp) —

  Output only. The timestamp of when the rule was created. Populated in FULL view.

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end

#display_name ⇒ ::String (readonly)

Returns Output only. Display name of the rule. Populated in BASIC view and FULL view.

Returns:

• (::String) —

  Output only. Display name of the rule. Populated in BASIC view and FULL view.

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end

#etag ⇒ ::String

Returns The etag for this rule. If this is provided on update, the request will succeed if and only if it matches the server-computed value, and will fail with an ABORTED error otherwise. Populated in BASIC view and FULL view.

Returns:

• (::String) —

  The etag for this rule. If this is provided on update, the request will succeed if and only if it matches the server-computed value, and will fail with an ABORTED error otherwise. Populated in BASIC view and FULL view.

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end

#inputs_used ⇒ ::Google::Cloud::Chronicle::V1::InputsUsed (readonly)

Returns Output only. The set of inputs used in the rule. For example, if the rule uses $e.principal.hostname, then the uses_udm field will be true.

Returns:

• (::Google::Cloud::Chronicle::V1::InputsUsed) —

  Output only. The set of inputs used in the rule. For example, if the rule uses $e.principal.hostname, then the uses_udm field will be true.

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end

#metadata ⇒ ::Google::Protobuf::Map{::String => ::String} (readonly)

Returns Output only. Additional metadata specified in the meta section of text. Populated in FULL view.

Returns:

• (::Google::Protobuf::Map{::String => ::String}) —

  Output only. Additional metadata specified in the meta section of text. Populated in FULL view.

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end

#name ⇒ ::String

Returns Identifier. Full resource name for the rule. Format: projects/{project}/locations/{location}/instances/{instance}/rules/{rule}.

Returns:

• (::String) —

  Identifier. Full resource name for the rule. Format: projects/{project}/locations/{location}/instances/{instance}/rules/{rule}

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end

#near_real_time_live_rule_eligible ⇒ ::Boolean (readonly)

Returns Output only. Indicate the rule can run in near real time live rule. If this is true, the rule uses the near real time live rule when the run frequency is set to LIVE.

Returns:

• (::Boolean) —

  Output only. Indicate the rule can run in near real time live rule. If this is true, the rule uses the near real time live rule when the run frequency is set to LIVE.

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end

#reference_lists ⇒ ::Array<::String> (readonly)

Returns Output only. Resource names of the reference lists used in this rule. Populated in FULL view.

Returns:

• (::Array<::String>) —

  Output only. Resource names of the reference lists used in this rule. Populated in FULL view.

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end

#revision_create_time ⇒ ::Google::Protobuf::Timestamp (readonly)

Returns Output only. The timestamp of when the rule revision was created. Populated in FULL, REVISION_METADATA_ONLY views.

Returns:

• (::Google::Protobuf::Timestamp) —

  Output only. The timestamp of when the rule revision was created. Populated in FULL, REVISION_METADATA_ONLY views.

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end

#revision_id ⇒ ::String (readonly)

Returns Output only. The revision ID of the rule. A new revision is created whenever the rule text is changed in any way. Format: v_{10 digits}_{9 digits} Populated in REVISION_METADATA_ONLY view and FULL view.

Returns:

• (::String) —

  Output only. The revision ID of the rule. A new revision is created whenever the rule text is changed in any way. Format: v_{10 digits}_{9 digits} Populated in REVISION_METADATA_ONLY view and FULL view.

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end

#scope ⇒ ::String

Returns Resource name of the DataAccessScope bound to this rule. Populated in BASIC view and FULL view. If reference lists are used in the rule, validations will be performed against this scope to ensure that the reference lists are compatible with both the user's and the rule's scopes. The scope should be in the format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope}.

Returns:

• (::String) —

  Resource name of the DataAccessScope bound to this rule. Populated in BASIC view and FULL view. If reference lists are used in the rule, validations will be performed against this scope to ensure that the reference lists are compatible with both the user's and the rule's scopes. The scope should be in the format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope}.

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end

#severity ⇒ ::Google::Cloud::Chronicle::V1::Severity (readonly)

Returns Output only. The severity of the rule as specified in the meta section of text. Populated in BASIC view and FULL view.

Returns:

• (::Google::Cloud::Chronicle::V1::Severity) —

  Output only. The severity of the rule as specified in the meta section of text. Populated in BASIC view and FULL view.

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end

#text ⇒ ::String

Returns The YARA-L content of the rule. Populated in FULL view.

Returns:

• (::String) —

  The YARA-L content of the rule. Populated in FULL view.

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end

#type ⇒ ::Google::Cloud::Chronicle::V1::RuleType (readonly)

Returns Output only. User-facing type of the rule. Extracted from the events section of rule text. Populated in BASIC view and FULL view.

Returns:

• (::Google::Cloud::Chronicle::V1::RuleType) —

  Output only. User-facing type of the rule. Extracted from the events section of rule text. Populated in BASIC view and FULL view.

# File 'proto_docs/google/cloud/chronicle/v1/rule.rb', line 111

class Rule
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class MetadataEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The current compilation state of the rule.
  module CompilationState
    # The compilation state is unspecified/unknown.
    COMPILATION_STATE_UNSPECIFIED = 0

    # The Rule can successfully compile.
    SUCCEEDED = 1

    # The Rule cannot successfully compile.
    # This is possible if a backwards-incompatible change was made to the
    # compiler.
    FAILED = 2
  end
end