
Create an Incident Scoring Rule

You can create rules for incidents by defining the matching condition and corresponding actions to take when a condition is met.

To create a rule for scoring incidents:

  1. Select Configure > Insights > Incident Scoring Rules.

    The Incident Scoring Rules page appears.

  2. Click the plus icon (+).

    A page appears, on which you can define the rule’s condition and actions.

  3. In the Rule Description field, enter a unique name for the rule.
  4. In the Condition section:
    1. Select a matching condition from the list: Match Any or Match All.

    2. Select the type of incident from the list: File Hash, Threat Source IP, or URL.

    3. For the selected incident, select mitigated by another event as the condition.

    Note:

    To add multiple conditions, click Add.

  5. In the Action(s) section:
    1. Select a required action from the list, such as Raise or Lower Severity (%), Set Severity (value), or Skip remaining rules.

    2. Based on the action you have selected, provide additional data.

    Note:

    To add multiple actions, click Add.

  6. Click Confirm.

    The new rule is created and listed on the Incident Scoring Rules page.

Click Enable or Disable to either enable the incident scoring rule or disable it.
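
The following sketch is an added example, not product code: a simplified Python model of how the rule fields configured above (Match Any or Match All, the incident type conditions, the actions, and the enabled state) could combine when an incident is scored. The evaluation order, the percentage arithmetic, the 0-100 severity scale, and all field names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    description: str      # Rule Description field
    match: str            # "any" (Match Any) or "all" (Match All)
    conditions: list      # incident types: "File Hash", "Threat Source IP", "URL"
    actions: list         # (action, value) pairs, applied in the order listed
    enabled: bool = True  # Enable / Disable state

def rule_matches(rule, incident):
    # Each condition reads "<incident type> mitigated by another event".
    hits = [c in incident["mitigated_types"] for c in rule.conditions]
    if not hits:          # a rule with no conditions never fires
        return False
    return any(hits) if rule.match == "any" else all(hits)

def score(incident, rules):
    """Return (final severity, descriptions of the rules that fired)."""
    sev, fired = incident["severity"], []
    for rule in rules:    # assumption: rules are evaluated in list order
        if not rule.enabled or not rule_matches(rule, incident):
            continue
        fired.append(rule.description)
        stop = False
        for action, value in rule.actions:
            if action == "raise_pct":      # assumption: % of current severity
                sev += sev * value / 100
            elif action == "lower_pct":
                sev -= sev * value / 100
            elif action == "set":
                sev = value
            elif action == "skip_remaining":
                stop = True
            sev = max(0, min(100, sev))    # assumption: 0-100 severity scale
        if stop:
            break
    return round(sev), fired

# Constructed sample rules, not taken from a real deployment.
RULES = [
    Rule("Hash and URL both mitigated", "all", ["File Hash", "URL"],
         [("lower_pct", 50), ("skip_remaining", None)]),
    Rule("Any indicator mitigated", "any",
         ["File Hash", "Threat Source IP", "URL"], [("lower_pct", 20)]),
    Rule("Disabled test rule", "any", ["URL"], [("set", 100)], enabled=False),
]
```

In this model, an incident whose file hash and URL were both mitigated is halved by the first rule and never reaches the second, while an incident with only a mitigated URL falls through to the Match Any rule.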