Contains filtering rules for detection events from Kaspersky CyberTrace. You can specify several filtering rules at once.
Path
SendEventFilters
Attributes
This element has no attributes.
Nested elements
This element is a container for the following nested element:
A filtering rule.
SendEventFilters > Filter
This element defines a filtering rule.
For more information about this element and possible values of its attributes, see section "Working with indicators".
This element has the following attributes:
ActionableField element attributes
Attribute | Description |
---|---|
attribute | The name of the indicator attribute from the indicator database to which filtering rules are applied. |
value | Filtering rule. Kaspersky CyberTrace sends a detection event if the value of the indicator attribute matches the specified value. |
Example
The following is an example of this element.
```xml
<SendEventFilters>
  <Filter attribute="ioc_supplier_context.last_seen" value="[01.02.2013;01.02.2015]"/>
  <Filter attribute="ioc_supplier_context.popularity" value="5"/>
  <Filter attribute="ioc_updated_timestamp" value="[%NOW%-3;%NOW%]"/>
</SendEventFilters>
```
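A structural check for this element, as an added example that is not part of the Kaspersky CyberTrace documentation or product: it verifies only what this page states (the container has no attributes and holds only Filter elements, each with attribute and value) and does not evaluate the rules. The function name, the sample fragment with its two deliberate mistakes, and the treatment of any other attribute on Filter as an error are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two rules from the page's example plus two deliberate
# mistakes (a Filter without "value" and a misspelled element name).
SAMPLE = """<SendEventFilters>
  <Filter attribute="ioc_supplier_context.popularity" value="5"/>
  <Filter attribute="ioc_updated_timestamp" value="[%NOW%-3;%NOW%]"/>
  <Filter attribute="ioc_supplier_context.last_seen"/>
  <Filtre attribute="x" value="1"/>
</SendEventFilters>"""

ALLOWED = ("attribute", "value")  # the two Filter attributes listed on this page

def lint_send_event_filters(xml_text):
    """Return (rules, problems) for a SendEventFilters fragment (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    rules, problems = [], []
    if root.tag != "SendEventFilters":
        return rules, [f"root element is <{root.tag}>, expected <SendEventFilters>"]
    if root.attrib:
        problems.append("SendEventFilters takes no attributes: " + ", ".join(sorted(root.attrib)))
    for i, child in enumerate(root, 1):
        if child.tag != "Filter":
            problems.append(f"child {i}: unexpected element <{child.tag}>")
            continue
        missing = [a for a in ALLOWED if not child.get(a, "").strip()]
        extra = sorted(set(child.attrib) - set(ALLOWED))  # assumption: others are mistakes
        if missing:
            problems.append(f"child {i}: missing or empty {', '.join(missing)}")
        if extra:
            problems.append(f"child {i}: unknown attribute(s) {', '.join(extra)}")
        if missing or extra:
            continue
        value = child.get("value")
        # Shape only: "[...]" as in the page's example; the rule itself is not evaluated.
        shape = "bracketed" if value.startswith("[") and value.endswith("]") else "literal"
        rules.append((child.get("attribute"), value, shape))
    return rules, problems

if __name__ == "__main__":
    rules, problems = lint_send_event_filters(SAMPLE)
    for r in rules: print("rule:", r)
    for p in problems: print("problem:", p)
```

Running such a check before deploying a configuration change catches a malformed rule early, instead of discovering it through detection events that were expected but never sent.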