Creating an IOA rule based on event search conditions

To create an IOA rule based on event search conditions:

  1. Select the Threat Hunting section in the program web interface window.

    The event search form opens.

  2. Perform an event search using design mode or source code mode.
  3. Click the Save as IOA rule button.

    The Save window opens.

  4. In the New IOA rule name field, enter the name of the IOA rule.
  5. Click the Save button.

The event search condition is saved as an IOA rule. The new rule with the specified name is displayed in the IOA Analysis subsection of the IOC/IOA Analysis section.

See also

Events database threat hunting

Searching events using design mode

Searching events using source code mode

Changing the event search conditions

Uploading an IOC file and searching for events based on conditions defined in the IOC file