
Importing custom rules

The Behavioral Detection Engine supports importing custom detection rules in .json format. In the Cylance console, you can import custom detection rules into custom rule groups from the CylanceOPTICS > Behavioral Detection Engine > Custom Rules tab. You can also export legacy rule sets in .json format and import them.
Before you import a custom detection rule, create a custom rule group. The custom rule group that you created appears as a card on the Custom Rules screen.
Use these steps to export the legacy rule sets from the Cylance console, create a custom rule group, and then import the legacy rule sets to the custom rule group:
  1. Navigate to CylanceOPTICS > Configurations > Rules.
  2. Beside the rule that you want to export, click Export and save the .json file with the rule conditions.
  3. Navigate to CylanceOPTICS > Behavioral Detection Engine > Custom Rules.
  4. In the Custom Rule tab, click Add and then add a new custom rule group.
  5. Click the custom rule group, and then on the right side, click Add > Import custom rules, and specify the .json file.
  6. Review the imported rule conditions, verify the target custom rule group, and then click Validate. After validation, click Add to complete the import.
  7. On the Behavioral Detection Engine screen, open the BDE policy > Detection And Response tab where you can enable alerts, observations, and automated responses for your custom rules. The custom rule group will appear as a new card at the bottom of the Detection And Response tab when editing a BDE policy, under the Custom rules section.