Logical Expressions in Analytics Rule Syntax
Define boolean or other logical relationships using analytics rule syntax.
| Expression | Description | Example |
|---|---|---|
|
|
|
|
|
|
|
|
|
| Checks whether |
|
|
An alternative form of the |
|
|
An alternative form of the |
|
| Checks whether all of the arguments The expression form of the |
|
|
|
|
|
|
|
| Checks whether any of the arguments |
|
| Cast operation that converts |
|
| Evaluates An alternative form of |
|
| Evaluates An alternative form of |
|
| Checks whether the value of An alternative form of |
|
| Checks whether the value of An alternative form of |
|
| Checks if all values are defined and non-empty. |
|
| Returns the first expression |
|