Creating Threat Intelligence Rule Types

Threat Stack alerts you to problem connections. It also scans the environments where the agent is installed and alerts you to problem package installs.

To create a Threat Intelligence rule type:

1. Select Threat Intelligence rule from the table list. 

2. Choose the severity of the alert (Black).

3. Define a Rule Name (Red).

4. Define an Alert Title (Orange). 

5. Define an Alert Description (Yellow), which can simply mirror the title or add more detail.

6. Choose whether you want to Aggregate Fields (Green). More on Aggregates here

7. Choose whether you want to group alerts by threshold (Blue). More on Threshold here

8. Click Next: Filter.

The rule will be created and you will be brought into the rule. 

The filter is the heart of the rule: it is where you define the logic for when the alert should fire.

 
