The Entity Extraction Rules section of scoutTHREAT enables analysts to edit or create rules for pulling or rejecting specific Observables (artifacts) from Information Reports.
The ability to customize extraction rules can greatly aid intelligence gathering, but users should only edit the content of these rules if they are familiar with Regular Expressions (see Regular expression for more information).
Regular Expressions Reference
The substitution rule format is: value_to_substitute, new_value.
To separate multiple rules, use the "pipe" character (|) as a delimiter.
Ignored values: use the "pipe" character (|) as a delimiter.
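The sketch below is an added example, not scoutTHREAT's own code: it parses a substitution string and an ignored-values string in the formats described above and applies them before a simple domain extraction. It assumes literal (non-regex) matching, trimmed whitespace, and case-insensitive ignore matching; the function names, rule strings and report text are constructed for illustration.

```python
import re

def parse_substitutions(spec):
    """Split 'value_to_substitute, new_value | ...' into (old, new) pairs."""
    rules = []
    for raw in spec.split("|"):
        raw = raw.strip()
        if not raw:
            continue  # tolerate a trailing or doubled delimiter
        old, sep, new = raw.partition(",")  # split on the first comma only
        if not sep or not old.strip():
            raise ValueError(f"malformed substitution rule: {raw!r}")
        rules.append((old.strip(), new.strip()))
    return rules

def parse_ignored(spec):
    """Split a pipe-delimited ignore list into a lowercase set."""
    return {v.strip().lower() for v in spec.split("|") if v.strip()}

def apply_substitutions(text, rules):
    """Apply each rule in order (assumption: literal string replacement)."""
    for old, new in rules:
        text = text.replace(old, new)
    return text

# Hypothetical domain pattern, standing in for a real extraction rule.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

def extract_domains(report, subs_spec, ignored_spec):
    """Refang the report, extract domains, then drop ignored values."""
    cleaned = apply_substitutions(report, parse_substitutions(subs_spec))
    ignored = parse_ignored(ignored_spec)
    found = []
    for match in DOMAIN_RE.findall(cleaned):
        domain = match.lower()
        if domain not in ignored and domain not in found:
            found.append(domain)
    return found

# Constructed sample input (not from the product documentation).
SUBS = "hxxp, http | [.], . | [dot], ."
IGNORED = "example.com | schema.org"
REPORT = ("Beacon to hxxp://bad-domain[.]test/a and "
          "cdn[dot]bad-domain[.]test; see example.com docs.")

if __name__ == "__main__":
    print(extract_domains(REPORT, SUBS, IGNORED))
```

Because the comma and the pipe are structural characters in this format, a value that itself contains either one cannot be expressed without an escaping convention, which the page does not describe.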