Define rate limits

You can define the rate that different types of lookups are performed to balance the load in your lookup queue. Conditions defined in the rate limit determine whether the rate limits are applied to queued entries.

Before you begin

Role required: sn_vul.admin

Procedure

  1. Navigate to Threat Intelligence > IoC Lookup > Rate Limit Definitions.
  2. Click New.
  3. Fill in the fields on the form, as appropriate.
    Table 1. Rate limit definition
    Field Description
    Name Provide a descriptive name that identifies the conditions the queue entry must meet. For example, Requests per minute or IP/URL/File requests per hour.
    Queue conditions Enter conditions used to determine whether a queued lookup entry is subject to this rate limit. The conditions should not be specific to a particular lookup source.
    Evaluation script Write a script with the logic to evaluate the queued entry. It is important that the script return true/false to define whether the entry is processed. Also, the evaluation script is based on the queued entry being evaluated.
  4. Click Submit.

Example

An example of a rate limit definition: