Custom Threat Models
Advanced detection rules, FOLLOWED BY chains, metadata filters, and a ready-to-use rule library — Enterprise only.
4 articles
Custom Threat Models Overview
Understand how Enterprise custom threat models let you define detection rules tailored to your application's threat surface.
Last updated: 2026-03-11
Metadata Filtering & Field Reference
Learn how to target nested JSONB fields like metadata.service or metadata.network_intelligence.is_vpn in your custom threat model conditions.
Last updated: 2026-03-11
Operator Reference
Complete reference for all condition operators: equals, contains, not_in, regex, exists, and numeric comparisons.
Last updated: 2026-03-11
Recommended Enterprise Rule Library
Ready-to-use Enterprise detection rules: compromised accounts, data exfiltration, SSH botnets, credential stuffing, and more.
Last updated: 2026-03-11