docs/cse/match-lists-suppressed-lists/custom-match-list-columns.md
8 additions & 8 deletions
@@ -6,15 +6,15 @@ description: Learn how to define custom columns for use in Match Lists.
6
6
7
7
import useBaseUrl from '@docusaurus/useBaseUrl';
8
8
9
-
This page has information about custom Match List columns
9
+
This page has information about custom match list columns.
10
10
11
-
## About Match Lists and Target Columns
11
+
## About match lists and target columns
12
12
13
-
Match Lists are lists of important indicators and identifiers that a Cloud SIEM analyst creates. Match Lists are typically used to define “allow lists” of items, like IP addresses, URLs, or hostnames that you want to exempt from ordinary rule processing. Many of Cloud SIEM’s built-in rules reference [standard Match Lists](/docs/cse/match-lists-suppressed-lists/standard-match-lists). Examples of standard Match Lists include a list of trusted domains, and a list of IP addresses that shouldn’t trigger SSL detection rules.
13
+
Match lists are lists of important indicators and identifiers that a Cloud SIEM analyst creates. Match lists are typically used to define “allow lists” of items, like IP addresses, URLs, or hostnames that you want to exempt from ordinary rule processing. Many of Cloud SIEM’s built-in rules reference [standard match lists](/docs/cse/match-lists-suppressed-lists/standard-match-lists). Examples of standard match lists include a list of trusted domains, and a list of IP addresses that shouldn’t trigger SSL detection rules.
14
14
15
-
You can define your own custom Match Lists, and reference them in rules that you write yourself. When you create a Match List, whether it’s a standard or a custom list, you select a Target Column, which indicates the Record attribute or attributes that should be compared to the Match List. The options that appear in the **Target Column** selector list include “Hostname”, “Domain”, “Username”, and so on. Note that these options usually map to multiple Record attributes. For example, if you select “Username” as a list’s Target Column, any occurrences of username, `fromUser_username`, or `user_username` in incoming Records will be compared to the Match List. For information about how **Target Column** options in the UI map to Cloud SIEM schema attributes, see [Match Fields Reference](/docs/cse/match-lists-suppressed-lists/match-fields-reference).
15
+
You can define your own custom match lists, and reference them in rules that you write yourself. When you create a match list, whether it’s a standard or a custom list, you select a target column, which indicates the record attribute or attributes that should be compared to the match list. The options that appear in the **Target Column** selector list include “Hostname”, “Domain”, “Username”, and so on. Note that these options usually map to multiple record attributes. For example, if you select “Username” as a list’s target column, any occurrences of username, `fromUser_username`, or `user_username` in incoming records will be compared to the match list. For information about how **Target Column** options in the UI map to Cloud SIEM schema attributes, see [Match Fields Reference](/docs/cse/match-lists-suppressed-lists/match-fields-reference).
16
16
17
-
If you create a Match List for which none of the existing Target Column options is appropriate, you can create a custom column.
17
+
If you create a match list for which none of the existing target column options is appropriate, you can create a custom column.
18
18
19
19
## View custom columns in the Cloud SIEM UI
20
20
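Review bot: In the added target-column paragraph, the first attribute in "any occurrences of username, `fromUser_username`, or `user_username`" is not in code formatting while the other two are; put `username` in backticks so it reads as a record attribute name. The front-matter description shown in the hunk header ("Learn how to define custom columns for use in Match Lists.") also keeps the old capitalization, although the descriptions changed elsewhere in this commit are lowercased.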
@@ -29,7 +29,7 @@ To see the custom columns that have been defined in your environment:
29
29
1. On the **Custom Columns** page, click **Create**.
30
30
1. The **Create Match List Column** popup appears. <br/><img src={useBaseUrl('img/cse/create-column.png')} alt="Create column" style={{border: '1px solid gray'}} width="400"/>
31
31
1.**Name**. Enter a name for the custom column.
32
-
1.**Fields**. Click the chevron icon to display a selector list of Cloud SIEM attributes. You can select multiple attributes. If multiple attributes are selected, the match list will match if the list item value matches a Record value for any of the custom column attributes. Click the icon next to Show field guide to view more information, such as data type, about attributes.
32
+
1.**Fields**. Click the chevron icon to display a selector list of Cloud SIEM attributes. You can select multiple attributes. If multiple attributes are selected, the match list will match if the list item value matches a record value for any of the custom column attributes. Click the icon next to Show field guide to view more information, such as data type, about attributes.
33
33
1. Click **Create** to add the new column.
34
34
35
35
## Edit a custom column
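Review bot: In the changed **Fields** step, "Show field guide" is a UI label but is not bolded like **Name**, **Fields** and **Create** in the neighbouring steps; bold it for consistency. The same step says the list matches when an item equals a record value for any of the selected attributes, and since the page describes match lists as typically being allow lists that exempt items from rule processing, a sentence advising readers to select only the attributes the list is meant to cover would help.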
@@ -43,8 +43,8 @@ To see the custom columns that have been defined in your environment:
43
43
1. On the **Custom Columns** page, click the trash can icon in the row for the column you want to delete.
44
44
1. On the **Delete column** popup, click confirmation popup **Yes, Delete Column**.
45
45
46
-
## Create a Match List with a custom column
46
+
## Create a match list with a custom column
47
47
48
-
Follow the instructions in the [Create a Match List](/docs/cse/match-lists-suppressed-lists/create-match-list), and select the desired column in the **Custom** section of the **Target Column** selector list.
48
+
Follow the instructions in [Create a Match List](/docs/cse/match-lists-suppressed-lists/create-match-list), and select the desired column in the **Custom** section of the **Target Column** selector list.
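Review bot: The unchanged delete step just above the renamed heading, "click confirmation popup **Yes, Delete Column**", reads as a leftover fragment; since this commit is a wording pass over the same section, change it to "click **Yes, Delete Column**". The link text "Create a Match List" keeps title case next to the lowercased heading, which is fine only if it is meant as the page title.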
description: Learn about creating a Match list and their usage in rules.
4
+
description: Learn about creating a match list and their usage in rules.
5
5
---
6
6
7
-
This guide has information about Cloud SIEM Match Lists, including how they are used in Cloud SIEM and how to create them.
7
+
This guide has information about Cloud SIEM match lists, including how they are used in Cloud SIEM and how to create them.
8
8
9
9
import useBaseUrl from '@docusaurus/useBaseUrl';
10
10
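Review bot: The new description, "Learn about creating a match list and their usage in rules.", pairs a singular noun with "their"; use "Learn about creating match lists and their usage in rules."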
@@ -14,31 +14,31 @@ In this section, we'll introduce the following concepts:
14
14
<divclassName="box smallbox card">
15
15
<divclassName="container">
16
16
<ahref="/docs/cse/match-lists-suppressed-lists/create-match-list"><img src={useBaseUrl('img/icons/operations/matching-list.png')} alt="List icon" width="40"/><h4>Create a Match List</h4></a>
17
-
<p>Learn about Match Lists, their purpose, usage, and how to create them. </p>
17
+
<p>Learn about match lists, their purpose, usage, and how to create them. </p>
18
18
</div>
19
19
</div>
20
20
<divclassName="box smallbox card">
21
21
<divclassName="container">
22
-
<ahref="/docs/cse/match-lists-suppressed-lists/custom-match-list-columns"><img src={useBaseUrl('img/icons/operations/matching-list.png')} alt="List icon" width="40"/><h4>Custom Match List Columns</h4></a>
23
-
<p>Learn how to define custom columns for use in Match Lists.</p>
22
+
<ahref="/docs/cse/match-lists-suppressed-lists/custom-match-list-columns"><img src={useBaseUrl('img/icons/operations/matching-list.png')} alt="List icon" width="40"/><h4>Custom match list Columns</h4></a>
23
+
<p>Learn how to define custom columns for use in match lists.</p>
<p>Learn what Record fields a Match List with a given Target Column will be compared to.</p>
29
+
<p>Learn what record fields a match list with a given target column will be compared to.</p>
30
30
</div>
31
31
</div>
32
32
<divclassName="box smallbox card">
33
33
<divclassName="container">
34
34
<ahref="/docs/cse/match-lists-suppressed-lists/standard-match-lists"><img src={useBaseUrl('img/icons/operations/matching-list.png')} alt="List icon" width="40"/><h4>Entity Tags and Standard Match Lists</h4></a>
35
-
<p>Learn how to identify specific Entities that should be treated differently during Cloud SIEM rule processing.</p>
35
+
<p>Learn how to identify specific entities that should be treated differently during Cloud SIEM rule processing.</p>
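Review bot: The card title changed to "Custom match list Columns" mixes cases within one heading, while the other card titles in this hunk ("Create a Match List", "Entity Tags and Standard Match Lists") keep title case as page titles. Either leave it as "Custom Match List Columns" or lowercase it fully to "Custom match list columns".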
docs/cse/match-lists-suppressed-lists/match-fields-reference.md
3 additions & 3 deletions
@@ -1,14 +1,14 @@
1
1
---
2
2
id: match-fields-reference
3
3
title: Match Fields Reference
4
-
description: Learn what Record fields a Match List with a given Target Column is compared to.
4
+
description: Learn what record fields a match list with a given target column is compared to.
5
5
---
6
6
7
7
import useBaseUrl from '@docusaurus/useBaseUrl';
8
8
9
-
This topic is a reference to the Record fields that a Match List with a given Target Column will be compared to. Each header below—Hostname, Domain, Username, and—is a supported Target Column for a Cloud SIEM Match List. The items listed below each header are Record fields
9
+
This topic is a reference to the record fields that a match list with a given target column will be compared to. Each header below—Hostname, Domain, Username, and—is a supported target column for a Cloud SIEM match list. The items listed below each header are record fields
10
10
11
-
If a Record contains a field whose name matches one of the match fields for a Target Column, the name of the Match List, Cloud SIEM will append the Match List name to the Record in the `list_matches` array.
11
+
If a record contains a field whose name matches one of the match fields for a target column, the name of the match list, Cloud SIEM will append the match list name to the record in the `list_matches` array.
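Review bot: Both added body lines carry over broken sentences from the old text. In the first, the list "Hostname, Domain, Username, and" ends on a dangling "and" and the paragraph closes without a period; in the second, "the name of the match list, Cloud SIEM will append the match list name" contains a stray repeated clause, so drop "the name of the match list," and state the condition once.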