Use Case Explorer filters
Use these filters in the example script to download a Use Case Explorer report in CSV format.
Rule tests
Log source
{"name":"DeviceID_Test","type":"TEST","recursive":true,"matchCriteria":"PARTIAL","values":["1","2"],"attributeName":"","valueType":"COMMON"}]
Log source type
{"name":"DeviceTypeID_Test","type":"TEST","recursive":true,"matchCriteria":"PARTIAL","values":["1","2"],"attributeName":"","valueType":"COMMON"}]
Log source group
{"name":"DeviceGroupID_Test","type":"TEST","recursive":true,"matchCriteria":"PARTIAL","values":["1","2"],"attributeName":"","valueType":"COMMON"}]
Other tests: Ariel search
{"name":"LST_ALL","type":"TEST","recursive":true,"matchCriteria":"IGNORE","values":[],"attributeName":"LST_ALL","valueType":"TEST"}
Other tests: Domain
{"name":"DOMAIN_ALL","type":"TEST","recursive":true,"matchCriteria":"IGNORE","values":[],"attributeName":"DOMAIN_ALL","valueType":"TEST"}
Rule attributes
Rule name
{"name":"name","type":"ATTRIBUTE","recursive":true,"matchCriteria":"PARTIAL","values":["Test"],"attributeName":"","valueType":"UNIQUE"}
Rule enabled: True
{"name":"enabled","type":"ATTRIBUTE","recursive":true,"matchCriteria":"PARTIAL","values":[true],"attributeName":"","valueType":"EXCLUSIVE_COMMON"}
Rule
{"name":"rule","type":"ATTRIBUTE","recursive":true,"matchCriteria":"PARTIAL","values":[true],"attributeName":"","valueType":"EXCLUSIVE_COMMON"}
Type: Events
{"name":"type","type":"ATTRIBUTE","recursive":true,"matchCriteria":"PARTIAL","values":["EVENT"],"attributeName":"","valueType":"COMMON"}
Origin: System
{"name":"rule_orig","type":"ATTRIBUTE","recursive":true,"matchCriteria":"PARTIAL","values":["SYSTEM"],"attributeName":"","valueType":"COMMON"}
Rule category: Custom rule
{"name":"rule_cat","type":"ATTRIBUTE","recursive":true,"matchCriteria":"PARTIAL","values":["Custom Rule"],"attributeName":"","valueType":"COMMON"}
Group: Amazon AWS
{"name":"group","type":"ATTRIBUTE","recursive":true,"matchCriteria":"PARTIAL","values":["Amazon AWS"],"attributeName":"","valueType":"COMMON"}
Group: Botnet, Category Definitions (Multiple filter selection)
{"name":"group","type":"ATTRIBUTE","recursive":true,"matchCriteria":"PARTIAL","values":["Botnet","Category Definitions"],"attributeName":"","valueType":"COMMON"}
Action: Event is part of an offense
{"name":"action","type":"ATTRIBUTE","recursive":true,"matchCriteria":"PARTIAL","values":["offense"],"attributeName":"","valueType":"COMMON"}
Response: Email
{"name":"response","type":"ATTRIBUTE","recursive":true,"matchCriteria":"PARTIAL","values":["email"],"attributeName":"","valueType":"COMMON"}
MITRE ATT&CK
Tactic: Collection
{"name":"tactic","type":"ATTCK","recursive":true,"matchCriteria":"PARTIAL","values":["TA0009"],"attributeName":"","valueType":"EXCLUSIVE_COMMON"}
Technique: Data Obfuscation
{"name":"technique","type":"ATTCK","recursive":true,"matchCriteria":"PARTIAL","values":["T1001"],"attributeName":"","valueType":"EXCLUSIVE_COMMON"}
Mapping confidence: High
{"name":"mapping_confidence","type":"ATTCK","recursive":true,"matchCriteria":"PARTIAL","values":["high"],"attributeName":"","valueType":"COMMON"}
Mapping enabled: True
{"name":"mapping_enabled","type":"ATTCK","recursive":true,"matchCriteria":"PARTIAL","values":[true],"attributeName":"","valueType":"EXCLUSIVE_COMMON"}
Tactic: Initial Access, Impact (Multiple filter selection)
{"name":"tactic","type":"ATTCK","recursive":true,"matchCriteria":"PARTIAL","values":["TA0001","TA0040"],"attributeName":"","valueType":"EXCLUSIVE_COMMON"}