Enum OPERATION
Operations available for Analysis rules.
Namespace: AttackSurfaceAnalyzer.Types
Assembly: AsaLib.dll
Syntax
public enum OPERATIONFields
| Name | Description |
|---|---|
| CONTAINS | Checks if the specified fields values contain all of the data in the Data list or DictData dictionary as appropriate for the field. |
| CONTAINS_ANY | Checks if the specified fields values contain any of the data in the Data list or DictData dictionary as appropriate for the field. |
| DOES_NOT_CONTAIN | Checks if the specified fields values does not contain any of the data in the Data list or DictData dictionary as appropriate for the field. |
| DOES_NOT_CONTAIN_ALL | Checks if the specified fields values does not contain all of the data in the Data list or DictData dictionary as appropriate for the field. |
| ENDS_WITH | Checks if the specified field ends with any of the strings in the Data list. |
| EQ | Checks that any value in the Data list or DictData dictionary have a match in the specified field's object as appropriate. |
| GT | Checks whether the specified fields value when parsed as an int is greater than first value in the Data list as Parsed as an Int |
| IS_AFTER | Checks if the specified field, as parsed as time, is after the time specified in the first entry of the Data list |
| IS_BEFORE | Checks if the specified field, as parsed as time, is before the time specified in the first entry of the Data list |
| IS_EXPIRED | Checks if the specified field, as parsed as time, is before DateTime.Now. |
| IS_NULL | Checks if the specified field is null in both runs. |
| IS_TRUE | Checks if the specified field is true in either run. |
| LT | Checks whether the specified fields value when parsed as an int is less than first value in the Data list as Parsed as an Int |
| NEQ | Checks that any value in the Data list or DictData dictionary does not have a match in the specified field's object as appropriate. |
| REGEX | Generates regular expressions from the Data list provided and tests them against the specified field. If any match it is a success. |
| STARTS_WITH | Checks if the specified field starts with any of the strings in the Data list. |
| WAS_MODIFIED | Checks if the specified field was modified between the two runs. |