Skip Navigation

Create and manage detection rules and exclusions

If you want to clone and modify an existing detection rule, or create your own custom rule, review the following topics and the sample detection rule to understand the format and options for CAE rules:
  1. In the management console, on the menu, click
    CylanceOPTICS > Configurations
    .
  2. Hover over
    Configurations
    on the top menu bar and click
    Detection Rules
    .
    You can sort and filter the available detection rules and view information for each rule.
  3. Do any of the following:
    Task
    Steps
    Export a rule to a .json file
    You can export detection rules from any of the following rule categories: Custom,
    Cylance
    Experimental,
    Cylance
    Exclusion,
    Cylance
    macOS
    Official,
    Cylance
    Windows
    Official.
    Click the export icon for a rule.
    Import a custom detection rule from a .json file
    1. Click
      Import Rule
      .
    2. Browse to and select or drag and drop the .json file. Click
      Import
      .
    3. Change the rule configuration and syntax as required.
    4. Click
      Validate
      .
    5. Click
      Publish
      .
    To edit a custom rule after it has been published, click the edit icon for the rule.
    Clone and modify a detection rule
    You can clone detection rules from any of the following rule categories: Custom,
    Cylance
    Experimental,
    Cylance
    Exclusion,
    Cylance
    macOS
    Official,
    Cylance
    Windows
    Official.
    1. Click the clone icon for a rule.
    2. Change the rule configuration and syntax as required.
    3. Click
      Validate
      .
    4. Click
      Publish
      .
    Delete a custom rule
    You can delete rules from the Custom category only.
    1. Click the delete icon for a rule.
    2. Click
      Confirm Delete
      .