Hortonworks Docs » Hortonworks Cybersecurity Platform 1.9.1 » Runbook Prioritizing Threat Intelligence
Runbook Prioritizing Threat Intelligence
Also available as:
PDF

Threat Triage Examples

Threat triage rules identify the conditions in the data source data flow and associate alert scores with those conditions.

Following are some examples of threat triage rules:

Rule 1

If a threat intelligence enrichment type is alerted, imagine that you want to receive an alert score of 5.

Rule 2

If the URL ends with neither .com nor .net, then imagine that you want to receive an alert score of 10.

© 2012–2019, Hortonworks, Inc.
Document licensed under the Creative Commons Attribution ShareAlike 4.0 License.
Hortonworks.com | Documentation | Support | Community