Skip to main content

Attack Surface InsightsAttack Surface Insights Guide

Edit an Attack Surface Insights Rule

Change the name, description, condition, actions, and enabled status for an Attack Surface Insights rule.

You can only edit the description and conditions of a pre-built rule. You can't edit the name and actions of a pre-built rule.

  1. In Attack Surface Insights, click Set Rules.

    The Set Rules button highlighted in a red rectangle.

  2. For a rule, click the More menu The more options menu; three vertical dark grey dots on an off-white background., then select Edit.

  3. Edit the rule properties:

    • Rule name – Enter the rule name.

    • Description – Enter a description of the rule.

    • Entity Type – Verify the entity type to which the rule applies.

    • Condition – Determine the events on which your rule triggers using search. Like searching for an entity, you can choose to build or enter a query.

    • Actions – Specify the tags and security criticality assigned to relevant entities when the rule triggers.

      • In Tags, specify up to 20 tags. Select from the list of existing tags or create a new one. To create a new tag, start typing, then click Add "<tag>".

      • In Security Criticality, select a security criticality: Low, Medium, or High.

    • Enabled – If the rule is automatically enabled after it's edited, select the checkbox.

  4. Click Save.