Reference documentation and code samples for the Google Cloud Chronicle V1 Client class Rule.
The Rule resource represents a user-created rule.
NEXT TAG: 21
Generated from protobuf message google.cloud.chronicle.v1.Rule
Namespace
Google \ Cloud \ Chronicle \ V1Methods
__construct
Constructor.
data
array
Optional. Data for populating the Message object.
↳ name
string
Identifier. Full resource name for the rule. Format: projects/{project}/locations/{location}/instances/{instance}/rules/{rule}
↳ revision_id
string
Output only. The revision ID of the rule. A new revision is created whenever the rule text is changed in any way. Format: v_{10 digits}_{9 digits}
Populated in REVISION_METADATA_ONLY view and FULL view.
↳ display_name
string
Output only. Display name of the rule. Populated in BASIC view and FULL view.
↳ text
string
The YARA-L content of the rule. Populated in FULL view.
↳ author
string
Output only. The author of the rule. Extracted from the meta section of text. Populated in BASIC view and FULL view.
↳ severity
Severity
Output only. The severity of the rule as specified in the meta section of text. Populated in BASIC view and FULL view.
↳ metadata
array| Google\Protobuf\Internal\MapField
Output only. Additional metadata specified in the meta section of text. Populated in FULL view.
↳ create_time
Google\Protobuf\Timestamp
Output only. The timestamp of when the rule was created. Populated in FULL view.
↳ revision_create_time
Google\Protobuf\Timestamp
Output only. The timestamp of when the rule revision was created. Populated in FULL, REVISION_METADATA_ONLY views.
↳ compilation_state
int
Output only. The current compilation state of the rule. Populated in FULL view.
↳ type
int
Output only. User-facing type of the rule. Extracted from the events section of rule text. Populated in BASIC view and FULL view.
↳ reference_lists
array
Output only. Resource names of the reference lists used in this rule. Populated in FULL view.
↳ allowed_run_frequencies
array
Output only. The run frequencies that are allowed for the rule. Populated in BASIC view and FULL view.
↳ etag
string
The etag for this rule. If this is provided on update, the request will succeed if and only if it matches the server-computed value, and will fail with an ABORTED error otherwise. Populated in BASIC view and FULL view.
↳ scope
string
Resource name of the DataAccessScope bound to this rule. Populated in BASIC view and FULL view. If reference lists are used in the rule, validations will be performed against this scope to ensure that the reference lists are compatible with both the user's and the rule's scopes. The scope should be in the format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope}
.
↳ compilation_diagnostics
array< CompilationDiagnostic
>
Output only. A list of a rule's corresponding compilation diagnostic messages such as compilation errors and compilation warnings. Populated in FULL view.
↳ near_real_time_live_rule_eligible
bool
Output only. Indicate the rule can run in near real time live rule. If this is true, the rule uses the near real time live rule when the run frequency is set to LIVE.
↳ inputs_used
InputsUsed
Output only. The set of inputs used in the rule. For example, if the rule uses $e.principal.hostname, then the uses_udm field will be true.
getName
Identifier. Full resource name for the rule.
Format: projects/{project}/locations/{location}/instances/{instance}/rules/{rule}
string
setName
Identifier. Full resource name for the rule.
Format: projects/{project}/locations/{location}/instances/{instance}/rules/{rule}
var
string
$this
getRevisionId
Output only. The revision ID of the rule.
A new revision is created whenever the rule text is changed in any way.
Format: v_{10 digits}_{9 digits}
Populated in REVISION_METADATA_ONLY view and FULL view.
string
setRevisionId
Output only. The revision ID of the rule.
A new revision is created whenever the rule text is changed in any way.
Format: v_{10 digits}_{9 digits}
Populated in REVISION_METADATA_ONLY view and FULL view.
var
string
$this
getDisplayName
Output only. Display name of the rule.
Populated in BASIC view and FULL view.
string
setDisplayName
Output only. Display name of the rule.
Populated in BASIC view and FULL view.
var
string
$this
getText
The YARA-L content of the rule.
Populated in FULL view.
string
setText
The YARA-L content of the rule.
Populated in FULL view.
var
string
$this
getAuthor
Output only. The author of the rule. Extracted from the meta section of text. Populated in BASIC view and FULL view.
string
setAuthor
Output only. The author of the rule. Extracted from the meta section of text. Populated in BASIC view and FULL view.
var
string
$this
getSeverity
Output only. The severity of the rule as specified in the meta section of text. Populated in BASIC view and FULL view.
hasSeverity
clearSeverity
setSeverity
Output only. The severity of the rule as specified in the meta section of text. Populated in BASIC view and FULL view.
$this
getMetadata
Output only. Additional metadata specified in the meta section of text.
Populated in FULL view.
setMetadata
Output only. Additional metadata specified in the meta section of text.
Populated in FULL view.
$this
getCreateTime
Output only. The timestamp of when the rule was created.
Populated in FULL view.
hasCreateTime
clearCreateTime
setCreateTime
Output only. The timestamp of when the rule was created.
Populated in FULL view.
$this
getRevisionCreateTime
Output only. The timestamp of when the rule revision was created.
Populated in FULL, REVISION_METADATA_ONLY views.
hasRevisionCreateTime
clearRevisionCreateTime
setRevisionCreateTime
Output only. The timestamp of when the rule revision was created.
Populated in FULL, REVISION_METADATA_ONLY views.
$this
getCompilationState
Output only. The current compilation state of the rule.
Populated in FULL view.
int
setCompilationState
Output only. The current compilation state of the rule.
Populated in FULL view.
var
int
$this
getType
Output only. User-facing type of the rule. Extracted from the events section of rule text. Populated in BASIC view and FULL view.
int
setType
Output only. User-facing type of the rule. Extracted from the events section of rule text. Populated in BASIC view and FULL view.
var
int
$this
getReferenceLists
Output only. Resource names of the reference lists used in this rule.
Populated in FULL view.
setReferenceLists
Output only. Resource names of the reference lists used in this rule.
Populated in FULL view.
var
string[]
$this
getAllowedRunFrequencies
Output only. The run frequencies that are allowed for the rule.
Populated in BASIC view and FULL view.
setAllowedRunFrequencies
Output only. The run frequencies that are allowed for the rule.
Populated in BASIC view and FULL view.
var
int[]
$this
getEtag
The etag for this rule.
If this is provided on update, the request will succeed if and only if it matches the server-computed value, and will fail with an ABORTED error otherwise. Populated in BASIC view and FULL view.
string
setEtag
The etag for this rule.
If this is provided on update, the request will succeed if and only if it matches the server-computed value, and will fail with an ABORTED error otherwise. Populated in BASIC view and FULL view.
var
string
$this
getScope
Resource name of the DataAccessScope bound to this rule.
Populated in BASIC view and FULL view.
If reference lists are used in the rule, validations will be performed
against this scope to ensure that the reference lists are compatible with
both the user's and the rule's scopes.
The scope should be in the format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope}
.
string
setScope
Resource name of the DataAccessScope bound to this rule.
Populated in BASIC view and FULL view.
If reference lists are used in the rule, validations will be performed
against this scope to ensure that the reference lists are compatible with
both the user's and the rule's scopes.
The scope should be in the format: projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope}
.
var
string
$this
getCompilationDiagnostics
Output only. A list of a rule's corresponding compilation diagnostic messages such as compilation errors and compilation warnings. Populated in FULL view.
setCompilationDiagnostics
Output only. A list of a rule's corresponding compilation diagnostic messages such as compilation errors and compilation warnings. Populated in FULL view.
$this
getNearRealTimeLiveRuleEligible
Output only. Indicate the rule can run in near real time live rule.
If this is true, the rule uses the near real time live rule when the run frequency is set to LIVE.
bool
setNearRealTimeLiveRuleEligible
Output only. Indicate the rule can run in near real time live rule.
If this is true, the rule uses the near real time live rule when the run frequency is set to LIVE.
var
bool
$this
getInputsUsed
Output only. The set of inputs used in the rule. For example, if the rule uses $e.principal.hostname, then the uses_udm field will be true.
hasInputsUsed
clearInputsUsed
setInputsUsed
Output only. The set of inputs used in the rule. For example, if the rule uses $e.principal.hostname, then the uses_udm field will be true.
$this
