To create a D&R rule based on artifacts, you will need to specify
target: artifact. An example of the detection & response rule that checks artifacts is below. With this rule, you are able to look for references to private URLs in proxy logs; if the reference is found, a detection is generated.
- action: report
The list of operators and actions that can be used for D&R rules written for
target: artifact are specified here.