About discovery rules

You use discovery filters and rule-based searches to retrieve specific information from selected data sources.

A discovery rule will flag the first 2500 entities that are ingested within a set period of time, which by default is 15 minutes.

If workspace correlation is enabled, entities in the selected workspaces that correlate with ingested entities will also be flagged.
The EclecticIQ Intelligence Center will attempt to find links between these entities. If a relationship is found the new entity is marked as discovered.