rule-trigger-test

December 12, 2024

Description

A test trigger of a security rule was recorded on a security product or program.

Parameters

| Parameter | Value |
| --- | --- |
| Subject | rule |
| Activity | trigger-test |
| Activity Type | rule-trigger-test |
| Pretty Name | Rule Trigger Test |

Fields

The possible fields for this activity type will vary depending on whether the activity was a success or a fail.

rule-trigger-test:success

Field | Core | Detection | Informational
observed_activity
event_field
local_user_name
rule
technique
rules
rule_usecases
type
src_local_host
tactic
src_ip
subscription_code
src_product
trigger_time
field_value
src_vendor
dest_local_zone
event_filter
create_case
rule_severity
rule_source
entity_key
recoverability
risk_score
dest_local_host
previous_id
event_to_time_millis
src_host
case_description
log_time
event_url
tactic_key
technique_key
event_id
entity_type
rule_reason
entities
dest_ip
local_zone
event_from_time_millis
src_local_zone
dest_host
local_asset
mitre_labels
asset_labels
user
event_time

A failure activity is not currently supported for this activity-type.