Creating a Threat Detection rules involves naming and configuring the rule, and then starting the rule. In some rule types, you can include multiple values, such as of IP addresses, domain, locations, or email addresses, so you might want to create a Shield list of those values instead of adding all the individual values to the rule.
- Go to Admin Console > Shield.
- Click the Detection Rules tab.
- Click Create Rule ().
- Click the detection rule type you want to create.
- On the Create [rule type] Rule page, enter a Rule Name and Description and configure the rule. Specifically:
- For Malicious Content, decide if you want to enable deep scan and download restrictions.
- For Suspicious Location, configure locations and content to monitor and decide which filters to enable.
- For Suspicious Session, decide which filters to enable.
See Box Shield Threat Detection Rule Settings for additional details about the settings for each rule type.
- Click Next.
- On the Review [rule name] page, review the rule settings.
- Click Start Rule ().