node-pattern-group
Retrieves the pattern group items on the data node that are synchronized with the control node. This command is only available on the data node.
Syntax
node-pattern-group [guid=SIG_GUID]
Optional Parameter
guid=SIG_GUID
- GUID of the pattern group. If you specify the GUID, the command displays the pattern group information corresponding to the specified GUID. If you do not specify the GUID, the command displays a list of all pattern groups synchronized to the data nodes.
Description
When the pattern group GUID is specified, the output fields are as follows:
Field | Type | Description |
---|---|---|
expr | String | A boolean combination of keywords for Aho-Corasick multi-pattern matching |
expr2 | String | Secondary inspection expression after expr matching |
rule | String | Pattern name (name to be tagged in the output when matching) |
When the pattern group GUID is not specified, the output fields are as follows:
Field | Type | Description |
---|---|---|
id | Integer | Integer identifier |
guid | String | Pattern group GUID |
name | String | Pattern group name |
description | String | Pattern group description |
pattern_count | Integer | Number of items in the pattern group |
company_guid | String | Company GUID |
company_name | String | Company name |
user_name | String | Account name |
user_guid | String | Account GUID |
Usage
- Load the list of pattern groups synchronized on the data node.
  node-pattern-group
- Retrieve specific pattern group items synchronized on the data node.
  node-pattern-group guid=b5ce2e95-67b9-4d64-8f6e-2746264a58d2