Create an Incident Scoring Rule
You can create rules for incidents by defining the matching condition and corresponding actions to take when a condition is met.
To create a rule for scoring incidents:
- Log in to Juniper Security Director Cloud.
- Select Shared Services > Insights > Rules > Incident Scoring Rules.
  The Incident Scoring Rules page is displayed.
- Click the + icon.
  The New Incident Scoring Rule page is displayed, where you can define the rule's condition and actions.
- In the Rule Name field, enter a unique name for the rule and select a matching condition from the list: Match Any or Match All.
- In the Condition section:
  - Select the type of incident from the list: File Hash, Threat Source IP, or URL.
  - For the selected incident, select mitigated by another event or not mitigated by another event as the condition.
  Note: To add multiple conditions, click +.
- In the Action section:
  - Select a required action from the list, such as Raise or Lower Severity, Set Severity (value), or Skip remaining rules.
  - Based on the action you have selected, provide additional data.
  Note: To add multiple actions, click +.
- Click OK.
  A new rule is created and listed in the New Incident Scoring Rules page.
  Click Enable or Disable to either enable the incident scoring rule or disable it.