scoutTHREAT - TICE: Adding Rules Manually
Written by Benjamin Dewey
Updated over a week ago

Follow these steps:

1. In the TICE Module, navigate to Rule Manager.

2. If any rules already exist, they will load on the page.

3. Next, click on add rule.

4. New rules automatically get a checkmark to the Activate box. If you do not want the rule to apply right away, uncheck the box.

5. Give your rule a name that can identity its purpose.

6. Then, select from the Rule action drop-down if the rule is set to automatically Approve or Reject the intelligence data.

7. Next, add a Rule condition. In the example below the text, `object.type == "malware"` is JXEL code. The code is telling TICE to filter and automatically approve `malware` intelligence data.

8. Finally, add a Rule description in plain language about what or why the rule is being added. For example, "This rule will allow for all intelligence about malware to automatically download to my scoutTHREAT system."

9. Click Save Rule.

10. To deactivate a rule, click on its name from the Rule Manager page and uncheck the Active box, then click Save Rule.

Helpful article:

Related Content

Did this answer your question?