Create and manage detection rules and exclusions
If you want to clone and modify an existing detection rule, or create your own custom rule, review the following topics and the sample detection rule to understand the format and options for CAE rules:
- In the management console, on the menu, clickCylanceOPTICS > Configurations, then click theRulestab.You can sort and filter the available detection rules and view information for each rule.
- Do any of the following:TaskStepsExport a rule to a .json file.You can export detection rules from any of the following rule categories: Custom,CylanceExperimental,CylanceExclusion,CylancemacOSOfficial,CylanceWindowsOfficial.Click for a rule.Import a custom detection rule from a .json file.
- ClickImport Rule.
- Browse to and select or drag and drop the .json file. ClickImport.
- Change the rule configuration and syntax as required.
- ClickValidate.
- ClickPublish.
To edit a custom rule after it has been published, click for the rule.Clone and modify a detection rule.You can clone detection rules from any of the following rule categories: Custom,CylanceExperimental,CylanceExclusion,CylancemacOSOfficial,CylanceWindowsOfficial.- Click for a rule.
- Change the rule configuration and syntax as required.
- ClickValidate.
- ClickPublish.
Delete a custom rule.You can delete rules from the Custom category only.- Click for a rule.
- ClickConfirm Delete.