About Rules Engine in TISC
The Rules Engine in TISC provides the following capabilities to streamline data management and enhance threat intelligence:
- Approval Rules: Users can configure approval rules to manage how imported data is reviewed and approved.
- Expiration Rules: Users can define expiration rules for observables or combinations of source objects to ensure timely lifecycle management of intelligence records.
- Inbound Data Exclusion Rules: The engine supports the creation of exclusion rules to filter out unwanted or irrelevant incoming data before it enters the system.
- Custom Threat Score Calculator: The Custom Threat Score Calculator provides transparent, criteria-based severity scoring of observables by automatically calculating threat scores from the configured logic.
- MITRE ATT&CK Technique Extraction: The Rules Engine can automatically extract MITRE ATT&CK techniques from ingested observables and threat lookup results, improving enrichment and contextual understanding.