Configure a Threat Rule

Follow these steps to configure a Threat Rule:

  1. Navigate to Configuration | Identify | Threat Rules.
  2. Click + Add Rule.
  3. For Name, enter a descriptive name for your new rule.
  4. If you want the threat rule to show in reports, select the Show in Reports checkbox.
  5. If you want the threat rule to count towards the overall Identity Posture Threat Score, select the Show in Impact Posture checkbox.
  6. For Score, enter an impact number.
  7. For Cyber Framework, specify the framework that applies to this rule, for example, NIST CSF v2.0.
  8. For Framework Control, enter the control name. For example, for NIST CSF v2.0, it could be PR.AA-03.
  9. Click Add.

You may also edit an existing custom Threat Rule via the edit button. Default Threat Rules can’t be edited.

Use the Rule Matches button to retrieve all accounts that match the specific rule. Rule matching is not available for aggregation rules.