Security ContentExabeam Security Content in the Legacy Structure

Here is an example event builder definition containing a number of common fields, such as name, output-type, source, and vendor.

netskope-file-write = {
   input-message = [{
     expression = "InList(type, 'netskope-activity','s-netskope-activity','cef-netskope-file-operation-1') and InList(toLower(activity),'edit','move','create')"
   }]
   name = netskope-file-write
   output-type = file-write
   source = Netskope Active Platform
   vendor = Netskope Active Platform
}