Rules

The menu [Alerts>Rules Set] can be used to create a custom rule based on the selected Streams and (optional) your own mathematical function. The system includes many of the most useful predefined rules you can use right after installing the system.

The list of Rules is in the table with the following columns:

• Rule name - unique Rule name

• Rule type - specified by the user

  • Performance,

  • Security,

  • Visibility.

• Tactic - specified in MITRE ATT&CK® https://attack.mitre.org

• Technique - specified in MITRE ATT&CK® https://attack.mitre.org

• Score - alert severity on a scale of 1- 10 where:

  • score 1-2 means “info”

  • score 3-4 means “low”

  • score 5-6 means “medium”

  • score 7-8 means “high”

  • score 9-10 means “critical”

• Created by - the name of the user who created the Rule

• Creation Time - creation time

• Modified By - the name of the user who last modified the Dashboard

• Modification Time - last modification time

• Tags - assigned tags

• Active - status active/inactive

• Privacy - privacy status icon

• Shared - the name of the user who shared the Rule

• Action

  • Edit - edit an existing Rule
  • Duplicate - create an editable copy of the selected Rule
  • Export - export Rule to JSON format
  • Delete - delete