Rules
Click here to see this page in full context


Search Tokens for Rules Page in Context XDR

You can use the search tokens available in Rules Page tab and refine your search results. Click each token to learn more about it.

Rules Page

namename

Search the rule by providing the unique name given to identify the rule.

Example

Show the rule having the name Remote Desktop Access from the Internet

name: Remote Desktop Access from the Internet

criticalitycriticality

Use a text value ##### to search all rules based on the criticality of the signal generated by this rule. Select value from: High, Low, Medium

Example

Show all rules that have low criticality

criticality: Low

techniquetechnique

Use a text value ##### to search all rules based on the MITRE attack techniques that the rule will fit in.

Example

Show all rules with MITRE attack technique as Access Token Manipulation

techniques: Access Token Manipulation

tactictactic

Use a text value ##### to search all rules based on the MITRE attack tactics that the rule will fit in.

Example

Show all rules with MITRE attack tactic as Initial Impact

tactic: Initial Impact

logSourceslogSources

Use a text value ##### to search all rules based on the list of log sources which are utilized in the rule. Select value from: Firewall, Windows, Proxy and so on.

Example

Show all rules that are based on the Windows log sources

logSources: Windows

descriptiondescription

Search the rules by providing the unique rule description.

Example

Show the rule having the description Remote access performed from internet without authentication

description: Remote access performed from internet without authentication

createdBycreatedBy

Use a text value ##### to search results based on user which created the rule.

Example

Show results with user dashb_du

createdBy: dashb_du

updatedByupdatedBy

Use a text value ##### to search results based on user who updated the rule.

Example

Show results with user who updated the rule

updatedBy: dashb_du

createdOncreatedOn

Use a date range or specific date to define date on which the rule was created.

Examples

Show rules created within certain dates

createdOn: [2016-01-01 .. 2016-01-10]

Show rules created starting 2015-10-01, ending 1 month ago

createdOn: [2015-10-01 .. now-1M]

Show rules created starting 2 weeks ago, ending 1 second ago

createdOn: [now-2w .. now-1s]

Show rules created on specific date

createdOn:'2016-01-08'

updatedOnupdatedOn

Use a date range or specific date to define date on which the rule was updated.

Examples

Show rules updated within certain dates

updatedOn: [2016-01-01 .. 2016-01-10]

Show rules updated starting 2015-10-01, ending 1 month ago

updatedOn: [2015-10-01 .. now-1M]

Show rules updated starting 2 weeks ago, ending 1 second ago

updatedOn: [now-2w .. now-1s]

Show rules updated on specific date

updatedOn:'2016-01-08'

ruleStatusruleStatus

Use a text value ##### to search all rules based on the rule's current status. Select value from: Active, Inactive.

Example

Show all rules that have an active status

ruleStatus: Active

libraryRuleIdlibraryRuleId

Use an integer value ##### to search results based on the library rule id which is associated with rules.

Example

Show results based on library rule id 7baa9f0c-c9ea-40d8-a59b-dbe0e8438f42

libraryRuleId: 7baa9f0c-c9ea-40d8-a59b-dbe0e8438f42

specialObjectIdsspecialObjectIds

Use an integer value ##### to search results based on the special object which is associated with rules.

Example

Show results based on special object *

specialObjectIds: *

versionversion

Use an integer value ##### to search results based on the version of the rules.

Example

Show results based on the version of rules

version: 1.1