Creating custom IOA rules

To create a new custom rule:

1. In the main menu, go to MONITORING & REPORTING → CUSTOM RULES.
2. Go to Custom IOA rules tab.
3. Click the New rule button.
4. In the window that opens, fill in the required fields and optional ones, if needed.
5. Click the Create button.

The custom IOA rule is created. You can also create IOA rules from queries in the Threat hunting section. If you do not want to use a created rule for scanning events, you can disable or delete it.

Page top