Rule object properties
| Field Name | Field Type | Mandatory Y/N | Description |
|---|---|---|---|
| rule_name | String | Y | Rule name |
| type | String | Y |
Rule type Valid values: CUMULATIVE _CONDITION - Supported only for DLP policies EVERY_MATCHED _CONDITION |
| max_matches | String | Y |
Matches are calculated as the X matched conditions. Valid values: GREATEST_NUMBER, SUM_ALL |
| count_type | String | Y - only for type = CUMULATIVE _CONDITION |
Type of the matcher counter Valid values: EVENTS, UNIQUE_MATCHES, MATCHES |
| count_time_period | String | Y - only for type = CUMULATIVE _CONDITION |
Count period Valid values: FIVE_MINUTES, FIFTEEN_MINUTES, THIRTY_MINUTES, ONE_HOUR, FOUR_HOURS, EIGHT_HOURS, TWENTY_FOUR_HOURS, THREE_DAYS, SEVEN_DAYS |
|
count_time_period _window |
String | Y - only for type = CUMULATIVE _CONDITION |
The rate of matches should decline for at least X before counting stops. If it does not, matches will continue to accumulate. Valid values: FIVE_MINUTES, FIFTEEN_MINUTES, THIRTY_MINUTES, ONE_HOUR, FOUR_HOURS, EIGHT_HOURS, TWENTY_FOUR_HOURS, THREE_DAYS, SEVEN_DAYS |
| classifier_details | Values as listed in table - "Classifier details object properties" | Y | |
| risk_adaptive_protection _enabled |
String | Y |
Is risk adaptive protection enabled. Valid values: "true", "false" |
| risk_adaptive_protection | Values as listed in table - "Risk adaptive protection object properties" | N - available only if risk_adaptive_protection _enabled is "true" |