SendEventFilters

Contains filtering rules for detection events from Kaspersky CyberTrace. You can specify several filtering rules at once.

Path

SendEventFilters

Attributes

This element has no attributes.

Nested elements

This element is a container for the following nested element:

SendEventFilters > Filter

This element defines a filtering rule.

For more information about this element and possible values of its attributes, see section "Working with indicators".

This element has the following attributes:

ActionableField element attributes

| Attribute | Description |
|-----------|-------------|
| attribute | The name of the indicator attribute from the indicator database to which filtering rules are applied. |
| value | Filtering rule. Kaspersky CyberTrace sends a detection event if the value of the indicator attribute matches the specified value. |

Example

The following is an example of this element.

<SendEventFilters>
    <Filter attribute="ioc_supplier_context.last_seen" value="[01.02.2013;01.02.2015]"/>
    <Filter attribute="ioc_supplier_context.popularity" value="5"/>
    <Filter attribute="ioc_updated_timestamp" value="[%NOW%-3;%NOW%]"/>
</SendEventFilters>
