Deployment Schema

http://example.com/example.json

Schema for deployment

| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
|---|---|---|---|---|---|---|---|
| Can be instantiated | No | Unknown status | No | Forbidden | Allowed | none | deployments.spec.json |

Deployment Schema Type

object (Deployment Schema)

Deployment Schema Default Value

The default value is:

{}

Deployment Schema Properties

| Property | Type | Required | Nullable | Defined by |
|---|---|---|---|---|
| alert_action | object | Optional | cannot be null | Deployment Schema |
| date | string | Required | cannot be null | Deployment Schema |
| description | string | Required | cannot be null | Deployment Schema |
| id | string | Required | cannot be null | Deployment Schema |
| name | string | Required | cannot be null | Deployment Schema |
| scheduling | object | Required | cannot be null | Deployment Schema |
| tags | object | Required | cannot be null | Deployment Schema |
| Additional Properties | Any | Optional | can be null | |

alert_action

Sets the alert action parameters for the search

alert_action Type

object (Details)

alert_action Default Value

The default value is:

{}

alert_action Examples

email:
  message: Splunk Alert $name$ triggered %fields%
  subject: Splunk Alert $name$
  to: test@test.com
index:
  name: asx
notable:
  rule_description: '%description%'
  rule_title: '%name%'

date

Date of creation or modification, in yyyy-mm-dd format

date Type

string

date Examples

'2019-12-06'

description

Description of the deployment configuration

description Type

string

description Examples

>-
  This deployment configuration provides a standard scheduling policy over all
  rules.

id

UUID used as the unique identifier

id Type

string

id Examples

fb4c31b0-13e8-4155-8aa5-24de4b8d6717

name

Name of the deployment configuration

name Type

string

name Examples

Deployment Configuration all Detections

scheduling

Allows setting the scheduling parameters

scheduling Type

object (Details)

scheduling Default Value

The default value is:

{}

scheduling Examples

cron_schedule: '*/10 * * * *'
earliest_time: '-10m'
latest_time: now
schedule_window: auto

tags

An array of key-value pairs for tagging

tags Type

object (Details)

tags Constraints

minimum number of items: the minimum number of items for this array is: 1

unique items: all items in this array must be unique. Duplicates are not allowed.

tags Default Value

The default value is:

{}

tags Examples

analytic_story: credential_dumping

Additional Properties

Additional properties are allowed and do not have to follow a specific schema
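
The constraints listed on this page can be checked before a deployment file is accepted into a detection repository. The following is an added example, not code from the schema's project: a standard-library Python check applied to an already-parsed document. The names `validate_deployment`, `FIELDS` and `SAMPLE` are hypothetical, and reading the `tags` minimum of 1 as "at least one key" is an assumption.

```python
import datetime
import re

# property -> (Python type, schema type name, required), from the properties table
FIELDS = {
    "alert_action": (dict, "object", False), "date": (str, "string", True),
    "description": (str, "string", True), "id": (str, "string", True),
    "name": (str, "string", True), "scheduling": (dict, "object", True),
    "tags": (dict, "object", True),
}
UUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
DATE_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")

def _is_date(value):
    if not DATE_RE.fullmatch(value):
        return False
    try:
        datetime.date.fromisoformat(value)
    except ValueError:  # right shape, impossible calendar date
        return False
    return True

def validate_deployment(doc):
    """Return a list of problems; an empty list means the document passes."""
    if not isinstance(doc, dict):
        return ["deployment must be an object"]
    errors = []
    for key, (typ, label, required) in FIELDS.items():
        if key not in doc:
            if required:
                errors.append(f"{key}: required property is missing")
        elif not isinstance(doc[key], typ):  # also rejects null
            errors.append(f"{key}: must be a non-null {label}")
    if isinstance(doc.get("date"), str) and not _is_date(doc["date"]):
        errors.append("date: not in yyyy-mm-dd format")
    if isinstance(doc.get("id"), str) and not UUID_RE.fullmatch(doc["id"]):
        errors.append("id: not a UUID")
    if isinstance(doc.get("tags"), dict) and not doc["tags"]:
        errors.append("tags: at least one item is required")
    return errors  # unknown keys pass: additional properties are allowed

# Constructed sample assembled from the example values on this page.
SAMPLE = {
    "name": "Deployment Configuration all Detections", "date": "2019-12-06",
    "id": "fb4c31b0-13e8-4155-8aa5-24de4b8d6717",
    "description": "Standard scheduling policy over all rules.",
    "scheduling": {"cron_schedule": "*/10 * * * *", "earliest_time": "-10m"},
    "tags": {"analytic_story": "credential_dumping"},
}
```

Run as a pre-merge check, a non-empty return value lists every violated constraint at once, so a malformed deployment file is rejected before it changes alert scheduling or routing.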