EventSettings > SendEventFilters

Contains filtering rules for detection alerts from Kaspersky CyberTrace. You can specify several filtering rules at once.

Path

Domains > Domain > OutputSettings > EventSettings > SendEventFilters

Attributes

This element has no attributes.

Nested elements

This element is a container for the following nested element:

SendEventFilters > Filter

This element defines a filtering rule.

This element has the following attributes:

Filter element attributes

| Attribute | Description |
|---|---|
| attribute | The name of the indicator attribute from the indicator database to which filtering rules are applied. |
| value | Filtering rule. Kaspersky CyberTrace sends a detection alert if the value of the indicator attribute matches the specified value. |

Example

The following is an example of this element.

<SendEventFilters>
    <Filter attribute="ioc_supplier_context.last_seen" value="[01.02.2013;01.02.2015]"/>
    <Filter attribute="ioc_supplier_context.popularity" value="5"/>
    <Filter attribute="ioc_updated_timestamp" value="[%NOW%-3;%NOW%]"/>
</SendEventFilters>
