Supported operators

Operators currently supported for custom audit filters are numeric, boolean, and string.

Table 1. Supported operations types
Numeric operations Boolean operations String operations

“<”: less than

“>”: greater than

“<= : less than or equal to

“>=: greater than or equal to

“==”: equals to

“!=”: not equals to

“startsWith”: starts with

“endsWith”: ends with

“contains”: contains (case-sensitive)

“notContains”: does not contain (case-sensitive)

“isNull”: is null

“notNull”: is not null

“containsIgnoreCase”: contains (case-insensitive)

“notContainsIgnoreCase”: does not contain (case-insensitive)

A typical rule is defined in the following manner:

		"desc": "Discard all hive_table audits with name containing test",
		"action": "DISCARD",
		"ruleName": "test_rule_1",
		"ruleExpr": {
		    "ruleExprObjList": [
		            "typeName": "hive_table",
		            "attributeName": "name",
		            "operator": "contains",
		            "attributeValue": "test"