
Object model

There are two primary object model concepts that are relevant to Foundry Rules:

  • Rules, which are applied to data, and
  • Proposals, which provide a means by which rules can be changed.

Rules

Rules are standard objects consisting of:

  • A collection of rule metadata properties such as name, description, author, rule type, etc.
  • A collection of custom properties to be applied to the filtered dataset or passed to the transform.
      • For “alerting” patterns, these might be alert_severity, alert_assignee, or priority.
      • For “categorization” patterns, these might be group, sub-group, etc.
  • A logic property containing the match conditions for that rule.
      • The logic is stored as a compressed JSON blob that conforms to a specific grammar for consistent serialization.

A set of metadata input fields like rule name, workflow-specific input fields like level of suspicion, and logic displaying a simple filter on an object property.

Learn how to customize properties for your own workflow.

Proposals

Many rule management use cases have corresponding requirements for an audit and review process governing the creation, editing, and deletion of rules. To service these needs, Foundry Rules supports rule proposals as a method of submitting, reviewing, and monitoring changes to rules. Rule proposals are analogous to the software development concept of "pull requests", in that each rule can have multiple proposals at a given time.

:::callout{theme="neutral"}
Proposals are a feature and not a requirement of Foundry Rules. Since Foundry Rules employs standard objects and Actions to create this approval flow, the workflow can be customized as desired to match any operational or regulatory requirements for rule change management.
:::

Proposals are represented as objects containing:

  • The rule ID to be edited, created, or deleted.
  • Proposal metadata such as the proposal author, timestamp, status (open, approved, rejected), and reviewer.
  • The diff of the changes in the proposal (i.e. list of the changes), captured in properties: old_rule_name, new_rule_name, old_logic, new_logic, etc.

A diff showing the changes to metadata fields as well as rule logic
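
The proposal object described above, modelled in Python as an added example (not Foundry's own code or API): it records the diff in old_*/new_* properties and, because a rule can have several open proposals at once, rejects a proposal whose old_* values no longer match the rule. The dict layout, the helper names `canon`, `propose` and `review`, the no-self-review check and the reject-when-stale policy are assumptions.

```python
import json
from datetime import datetime, timezone

# Hypothetical in-memory model; everything except the old_*/new_* diff
# properties and the open/approved/rejected statuses is an assumption.
DIFFED = ("rule_name", "description", "logic")

def canon(value):
    # Stable serialization so equal logic always compares equal.
    return json.dumps(value, sort_keys=True, separators=(",", ":"))

def propose(rule, changes, author):
    """Build a proposal object holding the rule ID, metadata and the diff."""
    p = {"rule_id": rule["rule_id"], "author": author, "status": "open",
         "reviewer": None,
         "timestamp": datetime.now(timezone.utc).isoformat()}
    for field in DIFFED:
        if field in changes and canon(changes[field]) != canon(rule[field]):
            p["old_" + field] = rule[field]
            p["new_" + field] = changes[field]
    return p

def review(rule, proposal, reviewer, approve):
    """Close an open proposal; apply it only if its old_* values still match."""
    if proposal["status"] != "open":
        raise ValueError("proposal already closed")
    if reviewer == proposal["author"]:  # assumed separation-of-duties policy
        raise PermissionError("author cannot review own proposal")
    proposal["reviewer"] = reviewer
    changed = [f for f in DIFFED if "new_" + f in proposal]
    stale = any(canon(proposal["old_" + f]) != canon(rule[f]) for f in changed)
    if not approve or stale:
        proposal["status"] = "rejected"
        return False
    for f in changed:
        rule[f] = proposal["new_" + f]
    proposal["status"] = "approved"
    return True

# Constructed sample rule with two concurrent proposals against it.
rule = {"rule_id": "r-001", "rule_name": "Large transfer",
        "description": "Flag large transfers",
        "logic": {"property": "amount", "op": ">", "value": 10000}}
p1 = propose(rule, {"logic": {"property": "amount", "op": ">", "value": 5000}}, "alice")
p2 = propose(rule, {"logic": {"value": 20000, "op": ">", "property": "amount"},
                    "rule_name": "Very large transfer"}, "bob")
```

Approving `p1` changes the rule's logic, so a later approval of `p2` is rejected as stale rather than silently overwriting a change its reviewer never saw.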

