| Rule Category | category_id | Recommended | Integer | The category of the rule. |
| 0 | Unknown | Rule category is unknown. |
| 1 | Engine Analysis | Signature detection or machine learning heuristics detected the file. |
| 2 | Reputation | The file’s reputation is worse than the policy threshold. |
| 3 | Prevalence | The file’s low usage is suspicious and is not allowed per policy threshold. |
| 4 | Discovered Date | The file is too new and is not allowed per policy threshold. |
| 5 | Blocked by User | The file is blocked by the user. |
| 6 | Blocked by Admin | The file is blocked by the administrator. |
| 7 | Custom Detection | Custom YARA rule detected the file. |
| 8 | Compliance | Compliance Scan status. |
| Rule Description (Ext) | desc | Recommended | String | The description of the rule. |
| DLP Rule Type (Ext) | dlp_type_id | Optional | Integer | The Data Loss Protection specific rule type. |
| 1 | Sender |
| 2 | Recipient |
| 3 | Attachment - File type |
| 4 | Regular expression |
| 5 | Exact Data Mapping (EDM) |
| 7 | Attachment - File size |
| 8 | Keyword Match |
| 9 | Attachment - File name |
| 10 | Protocol |
| 11 | Indexed Document Matching (IDM) |
| 12 | Sender Directory Group Match (DGM) |
| 13 | Recipient Directory Group Match (DGM) |
| 14 | Data identifiers |
| 15 | Endpoint Location |
| 16 | Recipient User Group |
| 18 | Custom File Type Signature |
| 19 | Vector Machine Learning (VML) |
| 20 | Endpoint Device |
| 21 | MAPI Attribute |
| Alert | is_alertable | Recommended | Boolean | Indicates whether the event should be considered for management server alerting. |
| Rule Name | name | Recommended | String | The name given to the rule. |
| Violations (Ext) | num_violations | Optional | Integer | The number of times the policy or rule was violated. |
| Rule ID (Ext) | uid | Recommended | String | The unique identifier of the rule. |