Contains filtering rules for detection events from Kaspersky CyberTrace. You can specify several filtering rules at once.
Path
SendEventFilters
Attributes
This element has no attributes.
Nested elements
This element is a container for the following nested element:
A filtering rule.
SendEventFilters > Filter
This element defines a filtering rule.
For more information about this element and possible values of its attributes, see section "Working with indicators".
This element has the following attributes:
ActionableField element attributes
| Attribute | Description | 
|---|---|
| 
 | The name of the indicator attribute from the indicator database to which filtering rules are applied. | 
| 
 | Filtering rule. Kaspersky CyberTrace sends a detection event if the value of the indicator attribute matches the specified value. 
 | 
Example
The following is an example of this element.
| <SendEventFilters> <Filter attribute="ioc_supplier_context.last_seen" value="[01.02.2013;01.02.2015]"/> <Filter attribute="ioc_supplier_context.popularity" value="5"/> <Filter attribute="ioc_updated_timestamp" value="[%NOW%-3;%NOW%]"/> </SendEventFilters> |