Create enrichment rules#
Enrichment rules allow you to automatically run enrichers on entities.
A rule must be Enabled for it to take effect. See Manage enrichment rules.
Create an enrichment rule#
Note
Required fields are marked with an asterisk (*).
Start creating a rule:
From the left navigation, select Data configuration
> Rules > Enrichment.Select +.
OR
From the left navigation, select + Create >
Rules > Enrichment rule
Configure the rule#
In the Create enrichment rule view, fill out the following fields:
Field |
Description |
|---|---|
Rule name* |
Name of rule. |
Description |
Short description. Should contain context and information on what this rule does. |
Enabled |
Select this to enable the rule immediately after saving. |
Once done, set filters for your rule.
Set filters#
Set at least one filter for your rule in the Filters section. Rules will only run against entities that match the filters you set.
To add a filter, select + More at the bottom of the section.
Set the following fields for each filter
Field |
Description |
|---|---|
Source |
Select one source. This rule runs against entities that belong to this source. |
Entity types |
Select one entity type that this rule runs against. |
TLP |
Select one TLP. This rule runs against entities that have this TLP color. |
Next, select the enrichers that this rule will trigger.
Select enrichers#
Select one or more enrichers from the Enrichers* field.
When an entity that matches the filters for this rule is ingested, created, or edited, this rule runs all selected enrichers on that entity.
Save#
Once done:
Select Save to save this rule.
Select Save
> Save and new
to save this rule and start creating a new rule.Select Save
> Save and
duplicate to save this rule and start creating a new
rule using settings from this rule.