Create an Analytics Rule Using Exabeam Nova Rule Creator
Create an analytics rule by prompting Exabeam Nova with natural language descriptions of the analytics rule you want to create.
In the Analytics Rule tab, click + New Rule, then select Exabeam Nova Rule Creator.
In Describe the rule you want to create, enter a natural language description of the analytics rule you want to create. For best results, ensure that you mention:
- The activity the analytics rule detects; for example, abnormal inbound network traffic or malicious IIS module installation.
- The conditions that trigger the analytics rule; for example, appcmd.exe is run to install or add an IIS native-code module.
- The time frame of the trigger activity; for example, total bytes in per source IP exceeding 500 MB in a one-day window.
- Any conditions that suppress the analytics rule from triggering; for example, when other analytics rules trigger or when a field has a specific value.
To help you get started, Exabeam Nova Rule Creator lists a number of clickable example prompts. When you click an example prompt, it automatically populates the text input box; you can then send the text to Exabeam Nova as-is or customize it first.
To send the description to Exabeam Nova Rule Creator, click the send icon. Exabeam Nova Rule Creator validates whether your description meets analytics rule field requirements, then generates a draft of the analytics rule.
Review the analytics rule draft. To continue tuning the analytics rule, keep prompting Exabeam Nova Rule Creator with the changes you want to see in the rule.
You can also ask Exabeam Nova Rule Creator other questions about Threat Detection Management and analytics rules; for example, what the different analytics rule types are, or what an analytics rule field does.
To create the analytics rule, click Create Rule.