scoutTHREAT - Entity Extraction Rules
Written by Benjamin Dewey
Updated over a week ago

The Entity Extraction Rules section of scoutTHREAT enables analysts to edit or create rules for pulling or rejecting specific Observables (artifacts) from Information Reports.

Customizing extraction rules can greatly aid intelligence gathering, but users should edit the content of these rules only if they are familiar with Regular Expressions (see Regular expression for more information).

Regular Expressions Reference

The substitution rule format is: value_to_substitute, new_value.

To separate multiple rules use the "pipe" character (|) as a delimiter.

Ignored values: use the "pipe" character (|) as a delimiter.
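The following is an added example, not scoutTHREAT's own code. It shows how a pipe-delimited list of `value_to_substitute, new_value` rules and a pipe-delimited ignore list can be parsed and applied to report text before extraction. It assumes values are literal strings; the function names, the domain pattern and the sample data are constructed for illustration.

```python
import re

def parse_substitutions(rule_string):
    """Split 'old, new|old2, new2' into ordered (old, new) pairs."""
    pairs = []
    for raw in rule_string.split("|"):
        if not raw.strip():
            continue  # tolerate a trailing or doubled delimiter
        old, sep, new = raw.partition(",")
        if not sep or not old.strip():
            raise ValueError(f"malformed rule, expected 'value, new_value': {raw!r}")
        pairs.append((old.strip(), new.strip()))
    return pairs

def parse_ignored(ignore_string):
    """Split a pipe-delimited ignore list into a lowercase set."""
    return {v.strip().lower() for v in ignore_string.split("|") if v.strip()}

def apply_substitutions(text, pairs):
    """Apply each literal substitution in the order the rules were written."""
    for old, new in pairs:
        text = text.replace(old, new)
    return text

# Simplified domain pattern, an assumption made for this example only.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

def extract_domains(report, rule_string, ignore_string):
    """Normalise the report, extract domains, then drop ignored values."""
    cleaned = apply_substitutions(report, parse_substitutions(rule_string))
    ignored = parse_ignored(ignore_string)
    found = []
    for match in DOMAIN_RE.findall(cleaned):
        domain = match.lower()
        if domain not in ignored and domain not in found:
            found.append(domain)
    return found

# Constructed sample input (reserved .test / .example names).
RULES = "hxxp, http|[.], .|(dot), ."
IGNORED = "example.com|vendor-blog.example"
REPORT = ("Beacon seen to hxxp://update[.]badsite(dot)test/a; "
          "write-up on vendor-blog[.]example, see also example.com.")

if __name__ == "__main__":
    print(extract_domains(REPORT, RULES, IGNORED))
```

Because the pipe and comma act as separators in this format, a rule value that itself contains either character cannot be expressed in this sketch without an escaping convention.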
