Create and manage detection rules and exclusions
If you want to clone and modify an existing detection rule, or create your own custom rule, review the following topics and the sample detection rule to understand the format and options for CAE rules:
- In the management console, on the menu, clickCylanceOPTICS > Configurations, then click theRulestab.You can sort and filter the available detection rules and view information for each rule.
- Do any of the following:TaskStepsExport a rule to a .json file.You can export detection rules from any of the following rule categories: Custom,CylanceExperimental,CylanceExclusion,CylancemacOSOfficial,CylanceWindowsOfficial.Click
for a rule.
Import a custom detection rule from a .json file.- ClickImport Rule.
- Browse to and select or drag and drop the .json file. ClickImport.
- Change the rule configuration and syntax as required.
- ClickValidate.
- ClickPublish.
To edit a custom rule after it has been published, clickfor the rule.
Clone and modify a detection rule.You can clone detection rules from any of the following rule categories: Custom,CylanceExperimental,CylanceExclusion,CylancemacOSOfficial,CylanceWindowsOfficial.- Click
for a rule.
- Change the rule configuration and syntax as required.
- ClickValidate.
- ClickPublish.
Delete a custom rule.You can delete rules from the Custom category only.- Click
for a rule.
- ClickConfirm Delete.