Security rule
Describes security rule attributes. Rule fields are used to capture the specifics of any observer or agent rules that generate alerts or other notable events.
| Attribute | Type | Description | Examples | Stability |
|---|---|---|---|---|
| security_rule.category | string | A categorization value keyword used by the entity using the rule for detection of this event. | Attempted Information Leak | |
| security_rule.description | string | The description of the rule generating the event. | Block requests to public DNS over HTTPS / TLS protocols | |
| security_rule.license | string | Name of the license under which the rule used to generate this event is made available. | Apache 2.0 | |
| security_rule.name | string | The name of the rule or signature generating the event. | BLOCK_DNS_over_TLS | |
| security_rule.reference | string | Reference URL to additional information about the rule used to generate this event. [1] | https://en.wikipedia.org/wiki/DNS_over_TLS | |
| security_rule.ruleset.name | string | Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. | Standard_Protocol_Filters | |
| security_rule.uuid | string | A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. | 550e8400-e29b-41d4-a716-446655440000; 1100110011 | |
| security_rule.version | string | The version / revision of the rule being used for analysis. | 1.0.0 | |
[1] security_rule.reference: The URL can point to the vendor’s documentation about the rule. If that’s not available, it can also be a link to a more general page describing this type of alert.