Rules | Enrichment | Create#

You can configure an Enrichment rules to:

  • enrich new matching Entities as they are ingested.

  • periodically enrich existing Entities to capture context newly available from the enricher.

  • do both; that is, enrich new Entities as well as periodically enrich existing Entities.

Create Enrichment rules#

  1. From the left sidebar, select Data configuration Data configuration icon > Rules > Enrichment.

  2. In the top right corner, select + Create Rule.

  3. Enter a Name.

  4. (Optional) Enter a Description.

  5. From the Enrichers drop-down menu, select the enrichers you would like to run with this rule.

  6. Select either:

    • the Enable enrichment on new data checkbox to enrich matching Entities as they come in,

    • the Enable enrichment on existing data checkbox to periodically re-enrich existing Entities,

    • or both checkboxes.

  7. If you selected the Enable enrichment on existing data checkbox, the enricher will run according to the Execution schedule you set and include for which the Timestamp of the type you select fall within the scope you select in the Enrich data from drop-down menu.

  8. Set at least one filter by selecting an option for each of the three filter criteria (Source, Entity type, and TLP) in the drop-down menus.

  9. (Optional) Select Add filter to add additional filters.

The enrichment rule will add data from the enrichers you selected to any Entity that matches at least one of the filters (and falls within the data scope you set in the case of enriching existing data).