

Custom Attributes Problem #30

Open Yuvijadeja opened 1 year ago

Yuvijadeja commented 1 year ago

When we pass custom attributes in a rule, those attributes are not returned in the response.

request = { "title": "Test", "status": "test", "logsource": { "category": "test_category", "product": "test_product", }, "building_block": True, "detection": { "selection": { "fieldA": "valueA", "fieldB": '' }, "condition": "selection", } }

response = { "name": "SIGMA - Test", "tags": [], "consumer": "siem", "enabled": true, "throttle": null, "schedule": { "interval": "5m" }, "params": { "author": [], "description": "No description", "ruleId": "None", "falsePositives": [], "from": "now-5m", "immutable": false, "license": "DRL", "outputIndex": "", "meta": { "from": "1m" }, "maxSignals": 100, "riskScore": 21, "riskScoreMapping": [], "severity": "low", "severityMapping": [], "threat": [], "to": "now", "references": [], "version": 1, "exceptionsList": [], "relatedIntegrations": [], "requiredFields": [], "setup": "", "type": "query", "language": "lucene", "index": [ "apm-*-transaction*", "auditbeat-*", "endgame-*", "filebeat-*", "logs-*", "packetbeat-*", "traces-apm*", "winlogbeat-*", "-*elastic-cloud-logs-*" ], "query": "fieldA:valueA AND fieldB:\"\"", "filters": [] }, "rule_type_id": "siem.queryRule", "notify_when": "onActiveAlert", "actions": [] }