Automation Rules
Rules are configurable sets of instructions that perform automated tasks for defined conditions. CTIX offers rules to build automated tasks, such as triggering a playbook in CSOL, updating false positives in CTIX, and more. Furthermore, a rule can be used to direct an automatic action to block a malicious indicator. You can create up to 1000 rules out of which 100 can be active at any given moment.
Note
Configuring rules for all sources and collections are no longer supported in CTIX 3.2.1.0 and higher versions.
Any existing rules configured for all sources and collections are disabled and analysts have to configure them again with the required sources and collections.
Note
Read-only users do not have permission to perform create and update actions on the Rules module.
CTIX enables analysts to configure rules to:
Reduce the time spent to identify the relevant threat intel.
Automate the process of manually performing detection for actioning critical IOCs and blocking them.
Increase your analysts' focus on critical IOC.
Feature availability matrix
CTIX Enterprise | CTIX Lite | CTIX Spoke |
|---|---|---|
Yes | No | No |