# Security rule
LLMS index: [llms.txt](/llms.txt)
---
## Security Rule
Describes security rule attributes. Rule fields are used to capture the specifics of any observer or agent rules that generate alerts or other notable events.
**Attributes:**
| Key | Stability | Value Type | Description | Example Values |
| --- | --- | --- | --- | --- |
| `security_rule.category` |  | string | A categorization value keyword used by the entity using the rule for detection of this event | `Attempted Information Leak` |
| `security_rule.description` |  | string | The description of the rule generating the event. | `Block requests to public DNS over HTTPS / TLS protocols` |
| `security_rule.license` |  | string | Name of the license under which the rule used to generate this event is made available. | `Apache 2.0` |
| `security_rule.name` |  | string | The name of the rule or signature generating the event. | `BLOCK_DNS_over_TLS` |
| `security_rule.reference` |  | string | Reference URL to additional information about the rule used to generate this event. [1] | `https://en.wikipedia.org/wiki/DNS_over_TLS` |
| `security_rule.ruleset.name` |  | string | Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. | `Standard_Protocol_Filters` |
| `security_rule.uuid` |  | string | A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. | `550e8400-e29b-41d4-a716-446655440000`; `1100110011` |
| `security_rule.version` |  | string | The version / revision of the rule being used for analysis. | `1.0.0` |
**[1] `security_rule.reference`:** The URL can point to the vendor’s documentation about the rule. If that’s not available, it can also be a link to a more general page describing this type of alert.