scoutTHREAT - TICE: JXEL for Creating Rule Conditions

JXEL Code you can use for creating custom rule conditions

Written by Benjamin Dewey
Updated over a week ago

LookingGlass can provide you with the Source ID for the MITRE and MISP data feeds. You can use the Source ID when creating a Rule Condition to allow feed intelligence data items to bypass the validation process and automatically download items to your scoutTHREAT system.


Below are some examples of JXEL that you can use to create rule conditions:

Rule Conditions for Auto Validating Data Feeds
Replace **ADDSOURCEID** with the Source ID provided to you.

source.sourceId.get().toString().equals("ADDSOURCEID")


Rule Conditions for Filtering by Threat Actors

object.type == "threat-actor"


Rule Conditions for Filtering by Word in Object's Title
Replace **WORD** with a word from an object's title. For example, if there is an Information Report or intelligence object with the title "The DigiHacks Group", you can use "DigiHacks" in the rule condition to auto validate those objects.

object.name.get().contains("WORD")


Rule Conditions for Filtering by Word in Object's Description
Replace **WORD** with a word in the object's description. For example, if there is an Information Report or intelligence object with "Kotton Kandy" in the description, you can use "Kotton Kandy" in the rule condition to auto validate those objects.

object.description.get().contains("WORD")


