LogpointApi.Data.Rule (logpoint_api v2.2.0)


Builder for alert rule structs.

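Start with LogpointApi.rule/1 and pipe the rule through the builder functions to set its fields, then pass the result to AlertRule.create/2. validate/1 returns :ok or {:error, messages} for a built rule, so it can be called on the rule before it is submitted.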

Summary

Types

t()

# Shape of the alert rule struct that the builder functions on this page operate on.
# Fields typed `... | nil` may be left unset; boolean and list fields have no nil
# alternative in this spec.
@type t() :: %LogpointApi.Data.Rule{
  aggregation_type: String.t() | nil,
  # NOTE(review): presumably controls whether jinja_template is rendered; this page
  # lists no dedicated builder for this flag, so confirm how it gets set.
  apply_jinja_template: boolean(),
  assignee: String.t() | nil,
  # The delay_interval/2 builder names its argument `minutes`.
  delay_interval: non_neg_integer() | nil,
  description: String.t() | nil,
  flush_on_trigger: boolean(),
  # NOTE(review): looks like a four-eyes (second reviewer) switch; semantics are
  # not described on this page, so verify against the Logpoint documentation.
  foureyes: boolean(),
  jinja_template: String.t() | nil,
  limit: non_neg_integer() | nil,
  log_sources: [String.t()],
  metadata: map(),
  # NOTE(review): presumably MITRE ATT&CK identifiers; the accepted format is not shown here.
  mitre_tags: [String.t()],
  # The only String.t() field declared without a nil alternative; new/1 takes `name`.
  name: String.t(),
  query: String.t() | nil,
  repos: [String.t()] | nil,
  # Free-form string in this spec; the accepted level names are not listed on this page.
  risk_level: String.t() | nil,
  # The search_interval/2 builder names its argument `minutes`.
  search_interval: non_neg_integer() | nil,
  simple_view: boolean(),
  # threshold/3 takes `option` and `value`, presumably filling the next two fields.
  threshold_option: String.t() | nil,
  threshold_value: number() | nil,
  # throttling/3 takes `field` and `time_range`; whether it also flips
  # throttling_enabled is not visible here (TODO confirm).
  throttling_enabled: boolean(),
  throttling_field: String.t() | nil,
  throttling_time_range: non_neg_integer() | nil,
  # time_range/3 takes a value and a unit that defaults to :minute; presumably it
  # fills exactly one of the three time_range_* fields below.
  time_range_day: non_neg_integer() | nil,
  time_range_hour: non_neg_integer() | nil,
  time_range_minute: non_neg_integer() | nil,
  user_groups: [String.t()]
}

Functions

aggregation_type(rule, type)

assignee(rule, assignee)

delay_interval(rule, minutes)

description(rule, description)

flush_on_trigger(rule, enabled)

foureyes(rule, enabled)

jinja_template(rule, template)

limit(rule, limit)

log_sources(rule, sources)

metadata(rule, metadata)

mitre_tags(rule, tags)

new(name)

query(rule, query)

repos(rule, repos)

risk_level(rule, level)

search_interval(rule, minutes)

simple_view(rule, enabled)

threshold(rule, option, value)

throttling(rule, field, time_range)

time_range(rule, value, unit \\ :minute)

to_map(rule)

Convert a Rule struct into the nested map format expected by the Logpoint API.

user_groups(rule, groups)

validate(rule)

@spec validate(t()) :: :ok | {:error, [String.t()]}