Rule Object

The rule object describes a rule that is ordinarily associated with a policy. The policy object contains an array of rule objects.

| Name | Attribute | Requirement | Type | Description |
|---|---|---|---|---|
| Rule Category | category_id | Recommended | Integer | The category of the rule. |
| Rule Description (Ext) | desc | Recommended | String | The description of the rule. |
| DLP Rule Type (Ext) | dlp_type_id | Optional | Integer | The Data Loss Protection specific rule type. |
| Alert | is_alertable | Recommended | Boolean | Indicates whether the event should be considered for management server alerting. |
| Rule Name | name | Recommended | String | The name given to the rule. |
| Violations (Ext) | num_violations | Optional | Integer | The number of times the policy or rule was violated. |
| Rule ID (Ext) | uid | Recommended | String | The unique identifier of the rule. |

category_id values:

| Value | Name | Description |
|---|---|---|
| 0 | Unknown | Rule category is unknown. |
| 1 | Engine Analysis | Signature detection or machine learning heuristics detected the file. |
| 2 | Reputation | The file’s reputation is worse than the policy threshold. |
| 3 | Prevalence | The file’s low usage is suspicious and is not allowed per policy threshold. |
| 4 | Discovered Date | The file is too new and is not allowed per policy threshold. |
| 5 | Blocked by User | The file is blocked by the user. |
| 6 | Blocked by Admin | The file is blocked by the administrator. |
| 7 | Custom Detection | Custom YARA rule detected the file. |
| 8 | Compliance | Compliance Scan status. |

dlp_type_id values:

| Value | Name |
|---|---|
| 1 | Sender |
| 2 | Recipient |
| 3 | Attachment - File type |
| 4 | Regular expression |
| 5 | Exact Data Mapping (EDM) |
| 7 | Attachment - File size |
| 8 | Keyword Match |
| 9 | Attachment - File name |
| 10 | Protocol |
| 11 | Indexed Document Matching (IDM) |
| 12 | Sender Directory Group Match (DGM) |
| 13 | Recipient Directory Group Match (DGM) |
| 14 | Data identifiers |
| 15 | Endpoint Location |
| 16 | Recipient User Group |
| 18 | Custom File Type Signature |
| 19 | Vector Machine Learning (VML) |
| 20 | Endpoint Device |
| 21 | MAPI Attribute |
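
The following is an added example, not code from the schema's authors: a validator that checks a policy's rule array against the attribute table above before the events are ingested. The function names, the sample rules and the choice to report unlisted attributes as warnings are assumptions made for the example.

```python
import json

# Enumerations taken from the attribute table on this page.
CATEGORY = set(range(0, 9))            # 0 Unknown ... 8 Compliance
# The page lists no DLP rule type 6 or 17, so both are treated as undefined.
DLP_TYPE = set(range(1, 22)) - {6, 17}

# attribute -> (Python type for the JSON value, requirement, allowed values)
SCHEMA = {
    "category_id":    (int,  "Recommended", CATEGORY),
    "desc":           (str,  "Recommended", None),
    "dlp_type_id":    (int,  "Optional",    DLP_TYPE),
    "is_alertable":   (bool, "Recommended", None),
    "name":           (str,  "Recommended", None),
    "num_violations": (int,  "Optional",    None),
    "uid":            (str,  "Recommended", None),
}

def validate_rule(rule):
    """Return (errors, warnings) for one rule object parsed from JSON."""
    errors, warnings = [], []
    for attr, (typ, requirement, allowed) in SCHEMA.items():
        if attr not in rule:
            if requirement == "Recommended":
                warnings.append(f"{attr}: recommended attribute missing")
            continue
        value = rule[attr]
        # Exact type match: bool subclasses int in Python, so isinstance()
        # would let true/false pass as an Integer attribute.
        if type(value) is not typ:
            errors.append(f"{attr}: expected {typ.__name__}, got {type(value).__name__}")
        elif allowed is not None and value not in allowed:
            errors.append(f"{attr}: {value} is not a value defined in the table")
    # Assumption: attributes outside the table are reported, not rejected.
    for attr in sorted(rule.keys() - SCHEMA.keys()):
        warnings.append(f"{attr}: not a rule object attribute")
    return errors, warnings

# Constructed sample: the rule array a policy object might carry.
SAMPLE = json.loads("""[
  {"uid": "r-001", "name": "Block low prevalence", "desc": "Prevalence gate",
   "category_id": 3, "is_alertable": true},
  {"uid": "r-002", "name": "DLP keyword", "dlp_type_id": 17,
   "category_id": true, "is_alertable": 1, "severity": 4}
]""")

def validate_policy_rules(rules):
    """Map each rule's uid to its (errors, warnings)."""
    return {r.get("uid", "<no uid>"): validate_rule(r) for r in rules}
```
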