Analytics Rule Families
Get to know analytics rule families, categories of analytics rules organized by the type of event they evaluate.
Analytics rule families are a top-level classification that organizes analytics rules into general categories. Each family describes the type of event the analytics rule evaluates; for example, authentication activity events or web activity events. Under each family, analytics rules are further classified into groups.
The family to which an analytics rule belongs affects the rarity score the analytics engine calculates when the analytics rule triggers. The analytics engine learns the pattern of triggers for each analytics rule family and learns to prioritize or de-prioritize certain families accordingly. If analytics rules in a family trigger very often, the analytics engine learns that these events are common and lowers the rarity score for analytics rules triggered in that family. If analytics rules in a family seldom trigger, the analytics engine learns that these events are rare and increases the rarity score for analytics rules triggered in that family.
To view the complete list of analytics rule families, create or edit an analytics rule using the builder, then navigate to the step where you assign the rule to a family.