Follow these steps:
Navigate to Workflow -> Entity Extraction Rules. The page will load a table with five existing rules used by scoutTHREAT to extract Observables (artifacts) from Information Reports. Follow the steps below for adding or editing rules.
Adding
1. To add an entity extraction rule, click on + Add Rule.
2. Add the details of the new extraction rule in the required fields, then scroll down to click Add when you're finished.
Your newly created rule will appear on the table.
Editing
1. To edit an entity extraction rule, simply click of its Name from the table.
2. Edit the information in the Edit Entity Extraction Rule window. Again, ensure that you are first familiar with Regular Expressions before altering the content in the fields for Expression, Ignored Values, and Substitution Rules. When you are finished click Update.
Related Content