Threat Triage Examples

Threat triage rules identify conditions in a data source's data flow and associate an alert score with each condition.

The following are some examples of threat triage rules:

Rule 1

Suppose you want to receive an alert score of 5 whenever a threat intelligence enrichment type is alerted.

Rule 2

Suppose you want to receive an alert score of 10 whenever the URL ends with neither .com nor .net.
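
The two rules above, evaluated over constructed sample messages, as an added Python example that is not the product's own rule syntax. The field names "url" and "threat_intel_hits" are assumptions, and so are the choices to read "the URL ends with" as a test on the host name (so a path such as /login.com cannot satisfy it) and to leave messages without a URL unscored by Rule 2.

```python
import re
from urllib.parse import urlsplit

# Assumed message layout (not from the page): "url" is the requested URL and
# "threat_intel_hits" lists the threat intelligence enrichment types that alerted.

def hostname(url):
    """Return the lower-cased host of a URL, without port or trailing dot."""
    # urlsplit only recognises the host when the string starts with scheme:// or //.
    if not re.match(r"^([a-z][a-z0-9+.-]*:)?//", url, re.I):
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def rule1(msg):
    """Rule 1: a threat intelligence enrichment type is alerted."""
    return bool(msg.get("threat_intel_hits"))

def rule2(msg):
    """Rule 2: the URL's host ends with neither .com nor .net."""
    host = hostname(msg.get("url", ""))
    # Assumption: a message with no usable host is not scored by this rule.
    return bool(host) and not (host.endswith(".com") or host.endswith(".net"))

# (name, condition, alert score) with the scores given in the text.
RULES = [("Rule 1", rule1, 5), ("Rule 2", rule2, 10)]

def triage(msg):
    """Return the (rule name, score) pairs whose condition matches the message."""
    return [(name, score) for name, cond, score in RULES if cond(msg)]

# Constructed sample messages, not real traffic.
SAMPLES = [
    {"url": "http://example.com/index.html", "threat_intel_hits": []},
    {"url": "https://EXAMPLE.NET:8443/a", "threat_intel_hits": ["constructed_feed"]},
    {"url": "http://example.org/login.com", "threat_intel_hits": []},
    {"url": "example.biz/x?r=http://a.com", "threat_intel_hits": ["constructed_feed"]},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["url"], "->", triage(sample))
```

The third sample shows why the host is tested rather than the raw string: the full URL ends in .com, but the host is example.org, so Rule 2 still matches.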