Skip to content

Commit 3eb7ec4

Browse files
aHenryJardaHenryJard
committed
Starting documenting decay rules on indicator changes
1 parent 3012b30 commit 3eb7ec4

File tree

3 files changed

+26
-3
lines changed

3 files changed

+26
-3
lines changed

docs/administration/decay-rules.md

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,9 @@ You will also be able to edit your rule, change all its parameters and order, ac
3636

3737
!!! tip "Indicator decay manager"
3838

39-
Decay rules are only applied, and indicators score updated, if indicator decay manager is enabled (enabled by default).
39+
Decay rules are only applied, and indicators score updated, if [indicator decay manager](../deployment/managers.md) is enabled (enabled by default).
4040

41-
[Please read the dedicated page to have all information](../deployment/managers.md#indicator-decay-manager)
41+
## Related reading:
42+
43+
- [Indicator decay manager](../deployment/managers.md)
44+
- [Decay rules configuration](../administration/decay-rules.md)

docs/deployment/managers.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,9 @@ More information can be found [here](../administration/file-indexing.md).
7777

7878
The indicator decay manager allows to update indicators score automatically based on configured decay rules.
7979

80-
More information can be found [here](../administration/decay-rules.md).
80+
More information can be found:
81+
- [Decay rule configuration](../administration/decay-rules.md).
82+
- [Indicator lifecycle](../usage/indicators-lifecycle.md).
8183

8284
## Trash manager
8385

docs/usage/indicators-lifecycle.md

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,24 @@ Right next to the indicator score, there is a button `Lifecycle` which enables t
3434

3535
![Indicator lifecycle](./assets/indicators-lifecycle-example-dialog.png)
3636

37+
## How the decay can be impacted indicator updates
38+
39+
The decay rule is a mathematical computation based on:
40+
- valid until
41+
- indicator score
42+
- being revoked or not
43+
44+
### Changing valid until date
45+
46+
### Changing score
47+
48+
### Changing revoke state
49+
3750
## Conclusion
3851

3952
Understanding how OpenCTI calculates validity periods and scores is essential for effective threat intelligence analysis. These rules ensure that your indicators are accurate and up-to-date, providing a reliable foundation for threat intelligence data.
53+
54+
## Related reading:
55+
56+
- [Indicator decay manager](../deployment/managers.md)
57+
- [Decay rules configuration](../administration/decay-rules.md)

0 commit comments

Comments
 (0)