Defining Expiration Rules

  • Release version: Zurich
  • Updated July 31, 2025
  Define expiration rules for various observables, or for a combination of various source objects or indicator sources, that are created in TISC.

    Before you begin

    Every source that is created in the application has an expiry period. Data feeds use techniques such as a time-based expiration period to boost data ingestion. In TISC, an expiration rule defines the expiration time for a particular set of data sources, types of objects, or types of observables.

    Role required: sn_sec_tisc.admin

    Procedure

    1. Navigate to All > Threat Intelligence Security Center > Administration.
    2. Select Expiration Rules.
      The Expiration Rules page displays.
    3. Click New.
      Field and description:

      Name
        Enter a name for the expiration rule.

      Description
        Enter a description for the expiration rule.

      Expiry period (days)
        Specify the time duration after which the ingested data should expire or be considered outdated.

        Enter the expiry period for the observable in days. For example, 100 days.

        Note: Any data that is ingested from the source expires 100 days after ingestion.

      Data Sources
        Indicates the expiration rule for the current data source. Select the list of data sources from the lookup.

        Note: To select all the data sources, do not select anything in this field and leave it blank.

        If you want to select an indicator as an object, you must select the object and then set the Type of records value to Indicator.

        Note: By default, a sample expiration rule, sn_sec_tisc_m2m_entity_rules, is provisioned for users in the base system. For observables, this sample expiration rule is in a disabled state. You must enable and activate the rule. To apply the rule to the source records, you must enable the rule.

      Category
        Indicates the expiration rule category type for the current data source. Select the category type, such as observable or object, from the drop-down list.

      Type of Records
        Select the type of records.
    4. Click Enable to enable the expiration rule after you create a new rule.
      If you don't enable the expiration rule, the rule is not applied to the source record.
      Note:
      • Whenever you enable an expiration rule, a duplication check runs in the background to verify whether the system already contains a rule with the same combination of data sources and Type of records. If it does, the application displays an information message stating that a rule already contains the same combination of data source and object category, and you must modify the existing combination to enable the rule.
      • A sample expiration rule is provisioned for users in the base system. This Sample Expiration Rule for observables is in a disabled state by default, and you must enable and activate the rule.
    5. Click Save.
    6. Click Delete if you wish to delete any expiration rule.