Brand Security Scenario Rule Conditions
This topic describes the conditions that you can use to create rules and the default rules provided for the brand security scenarios. Brand security includes the following scenarios:
Twitter chatter
Twitter chatter - conditions
The following table describes the conditions that you can use to create rules. When using a regular expression, don't surround the expression with quotation marks.
| Features | Operator | Value | Description |
|---|---|---|---|
| Asset tags | in/not in | Select tags | Are any of the threat's matched assets tagged with any of the specified tags? |
| Author display name | contains/does not contain | "regex list" | Does the author display name contain a specific pattern (can be expressed as a regex list)? |
| Author followers | =, !=, >=, <=, >, < | Type a number | How many followers does the author have? |
| Author following | =, !=, >=, <=, >, < | Type a number | How many accounts does the author follow? |
| Author tweet count | =, !=, >=, <=, >, < | Type a number | How many tweets has the author made? |
| Author user name (the user handle, for example @johnrdoe) | contains/does not contain | "regex list" (do not include the "@" sign) | Does the unique author user name ("handle" starting with "@") contain a specific pattern (can be expressed as a regex list)? |
| Content | contains/does not contain | "regex list" | Does the tweet content contain a specific pattern (can be expressed as a regex list)? |
| Content | contains/does not contain | Keyword list | Does the tweet content contain keywords from a list. The list is prepopulated. You can add words (separated by a comma or a semicolon) or remove words in the list. |
| Content language | in multiple/not in multiple | Select languages | Is the tweet content written in a specified language? |
| Matched asset | in multiple/not in multiple | Select domains to match | Does the tweet content contain a domain name asset? |
| Verified author | is/is not | Select whether the author is verified or not | Is the author using a verified account? |
Default rule
The following table lists the rules that are provided to get you started quickly. By default, the rule is disabled, so you will not receive alerts until the rule is enabled.
| Rule name | Description of match | Default state |
|---|---|---|
| Twitter Chatter (Cyber) - Default Detection Rule | Suspicious Twitter chatter was detected by the internal Threat Command detection algorithm. | Disabled |
Twitter suspicious profiles
Twitter suspicious profiles - conditions
The following table describes the conditions that you can use to create rules. When using a regular expression, don't surround the expression with quotation marks.
| Features | Operator | Value | Description |
|---|---|---|---|
| Detection algorithm | identified/did not identify | An unauthorized Twitter account | Did the Threat Command internal algorithm identify an unauthorized Twitter account? |
| Asset name | in/not in | Select company assets | Does the profile match a specific company asset? |
| Asset tags | in/not in | Select tags | Are any of the threat's matched assets tagged with any of the specified tags? |
| Days since join date | =, !=, >=, <=, >, < | Type a number | Was the profile created on a specific date? |
| Days since last post | =, !=, >=, <=, >, < | Type a number | Was the profile's last post on a specific date? |
| Number of followers | =, !=, >=, <=, >, < | Type a number | Does the profile have a specific number of followers? |
| Number of following | =, !=, >=, <=, >, < | Type a number | Does the profile follow a specific number of accounts? |
| Profile description | contains/does not contain | "regex list" | Does the profile's description contain a pattern (can be expressed as a regular expression)? |
| Profile name | contains/does not contain | "regex list" | Does the profile name contain a pattern (can be expressed as a regular expression)? |
| Profile name | contains/does not contain | Company Name Asset | Does the profile name contain a name that is listed in the Company Names asset? |
| Profile name | is/is not | Related to official company website | Do the results of searching the found profile (on Bing) include any websites whose URL contains the company domain? |
| Profile picture | is/is not | Similar to company logo | Is the profile picture similar to a company logo? |
| Profile picture | is/is not | Similar to a person's image | Is the profile picture the image of a face? |
Default rule
The following table lists the rules that are provided to get you started quickly.
| Rule name | Description of match | Default state |
|---|---|---|
| Twitter Unauthorized Account - Default Detection Rule | A suspicious profile was detected by the internal Threat Command detection algorithm. | Enabled |
Did this page help you?