Create an Incident Scoring Rule
You can create rules for incidents by defining the matching condition and corresponding actions to take when a condition is met.
To create a rule for scoring incidents:
- Select Configure > Insights > Incident Scoring Rules.
The Incident Scoring Rules page appears.
- Click the plus icon (+).
A page appears, on which you can define the rule’s condition and actions.
- In the Rule Description field, enter a unique name for the rule.
- In the Condition section:
  - Select a matching condition from the list: Match Any or Match All.
  - Select the type of incident from the list: File Hash, Threat Source IP, or URL.
  - For the selected incident, select mitigated by another event as the condition.
  Note: To add multiple conditions, click Add.
- In the Action(s) section:
  - Select a required action from the list, such as Raise or Lower Severity (%), Set Severity (value), or Skip remaining rules.
  - Based on the action you have selected, provide additional data.
  Note: To add multiple actions, click Add.
- Click Confirm.
A new rule is created and listed on the Incident Scoring Rules page.
Click Enable or Disable to enable or disable the incident scoring rule.