Threat Detection ManagementThreat Detection Management Guide

Analytics rule groups classify analytics rules by statistical relationship; for example, all rules that detect the first application login from an endpoint are under the First source host for application login group.

Analytics rule groups are a lower-level classification under families. To view the complete list of analytics rule groups, create or edit an analytics rule using the builder, then navigate to the step where you assign the rule to a group.