Alerting service

In addition to indexing, the Knowledge Base also provides an alerting mechanism allowing you to define your own set of rules for which you want to be pro-actively notified. Rules are defined in a similar way to the query language and support the same rich set of features:

• Host features

• Network features

• String features

• Memory features

• Detection features

These features can be combined into rules driven by the user interest: interest for certain IoCs, interest for certain company assets to be monitored, or other potential use cases. The rule language offers a higher flexibility than the query language and supports most of construction allowed by regular expressions so the user can expand the rule coverage. See Search page for complete reference of the query language. The extensions supported by the rule language are described in Matching rules page.