Automation Rules

Rules are configurable sets of instructions that perform automated tasks for defined conditions. Intel Exchange offers rules to build automated tasks, such as triggering a playbook in Orchestrate, updating false positives in Intel Exchange, and more. A rule can also be used to direct an automatic action to block a malicious indicator. You can create up to 1000 rules, of which 100 can be active at any given moment.

Note

  • Configuring rules for all sources and collections is no longer supported in Intel Exchange 3.2.1.0 and higher versions.

  • Any existing rules configured for all sources and collections are disabled, and analysts have to configure them again with the required sources and collections.

Note

Read-only users do not have permission to perform create and update actions on the Rules module.

Intel Exchange enables analysts to configure rules to:

  • Reduce the time spent identifying the relevant threat intel.

  • Automate the manual process of detecting critical IOCs, actioning them, and blocking them.

  • Increase your analysts' focus on critical IOCs.

Feature availability matrix

| CTIX Enterprise | CTIX Lite | CTIX Spoke |
|-----------------|-----------|------------|
| Yes             | No        | No         |