- Get Started with Threat Detection Management
- Analytics Rules
- Analytics Rule Classifications
- Create an Analytics Rule
- Manage Analytics Rules
- Tune Analytics Rules
- Find Analytics Rules
- Share Analytics Rules
- Troubleshoot Analytics Rules
- Analytics Rules Syntax
- Advanced Analytics Rule Syntax vs. Analytics Rule Syntax
- Logical Expressions in Analytics Rule Syntax
- String Operations Using Analytics Rule Syntax
- Integer Operations Using Analytics Rule Syntax
- Time Operations Using Analytics Rule Syntax
- Network Operations Using Analytics Rule Syntax
- Context Operations Using Analytics Rule Syntax
- Entity Operations Using Analytics Rule Syntax
- Correlation Rule Operations Using Analytics Rule Syntax
- Analytics Engine Status
- Correlation Rules
- Threat Scoring
For an eligible column, click the filter.
You can filter analytics rules by:
Author – Who created the analytics rule. For pre-built analytics rules, the author is Exabeam.
Family name – The analytics rule family to which the analytics rule belongs.
Rule type – The analytics rule type
Use case – The Exabeam use case associated with the analytics rule
MITRE – The MITRE ATT&CK® tactic associated with the analytics rule[2]
Status – The state of the analytics rule:
Enabled – The analytics rule is enabled.
Disabled – The analytics rule is disabled.
Stopped – The analytics rule has triggered more than 50 times in five minutes and has automatically been disabled.
Testing – The analytics rule is enabled in test mode and its outcomes are suppressed.
Update – How the analytics rule is changed with pending updates:
Update – The rule is modified with the update.
Obsolete – The rule is removed with the update.
None – The rule is not affected by the update.
Compatibility – Whether the analytics rule has any errors. To keep the analytics engine running normally, it monitors rule training and evaluation and prevents you from enabling analytics rules that are incompatible with your data or are highly likely to generate false positive results. Such analytics rules are marked Incompatible.
Select the attributes the analytics rules should have. To select all values, click Select All.
Click Apply.
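The following Python script is an added example and is not part of the Exabeam product or this documentation. It models the Stopped threshold described above (more than 50 triggers in five minutes) with a sliding-window counter over constructed trigger timestamps, then applies the same attribute filters the procedure lists to a constructed rule inventory. The rule records, attribute names, trigger timings and the exclusive handling of the five-minute window boundary are all assumptions of the example; Exabeam's actual rule-stopping logic and data model are not described on this page.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Threshold as the page states it: more than 50 triggers in five minutes
# stops a rule. Treating a trigger exactly five minutes old as outside the
# window is an assumption of this example, not documented behaviour.
STOP_TRIGGER_COUNT = 50
STOP_WINDOW = timedelta(minutes=5)


def noisy_rules(triggers, count=STOP_TRIGGER_COUNT, window=STOP_WINDOW):
    """Map each rule that exceeds `count` triggers inside any `window`-long
    span to the timestamp of the trigger that crossed the threshold.

    `triggers` is an iterable of (rule_name, datetime) pairs in any order.
    """
    by_rule = defaultdict(list)
    for rule_name, ts in triggers:
        by_rule[rule_name].append(ts)

    stopped = {}
    for rule_name, times in by_rule.items():
        times.sort()
        window_hits = deque()          # triggers inside the sliding window
        for ts in times:
            window_hits.append(ts)
            # Evict triggers that have aged out of the window ending at `ts`.
            while ts - window_hits[0] >= window:
                window_hits.popleft()
            if len(window_hits) > count:
                stopped[rule_name] = ts
                break                  # the first crossing is enough
    return stopped


def apply_stop_status(rules, stopped):
    """Return copies of the rule records with auto-stopped rules marked
    'Stopped'; every other status is left as it was."""
    return [
        {**r, "status": "Stopped"} if r["name"] in stopped else dict(r)
        for r in rules
    ]


def filter_rules(rules, **criteria):
    """Keep rules whose attribute values all fall in the accepted sets, e.g.
    filter_rules(rows, status={"Enabled"}, mitre={"Credential Access"})."""
    return [
        r for r in rules
        if all(r.get(attr) in accepted for attr, accepted in criteria.items())
    ]


# --- constructed sample data (assumed field names, not from a real tenant) ---
BASE = datetime(2024, 5, 1, 12, 0, 0)

RULES = [
    {"name": "rule-A", "author": "Exabeam", "family": "Brute Force",
     "rule_type": "Fact", "use_case": "Compromised Credentials",
     "mitre": "Credential Access", "status": "Enabled"},
    {"name": "rule-B", "author": "Exabeam", "family": "Remote Access",
     "rule_type": "Profiled", "use_case": "Lateral Movement",
     "mitre": "Lateral Movement", "status": "Enabled"},
    {"name": "rule-C", "author": "analyst@example.com", "family": "Brute Force",
     "rule_type": "Fact", "use_case": "Compromised Credentials",
     "mitre": "Credential Access", "status": "Testing"},
]

TRIGGERS = (
    # rule-A: 60 hits two seconds apart, far more than 50 in five minutes
    [("rule-A", BASE + timedelta(seconds=2 * i)) for i in range(60)]
    # rule-B: 60 hits one minute apart, never more than five in any window
    + [("rule-B", BASE + timedelta(minutes=i)) for i in range(60)]
    # rule-C: 51 hits spread over exactly five minutes; the first hit ages
    # out as the 51st arrives, so the in-window count never exceeds 50
    + [("rule-C", BASE + timedelta(seconds=6 * i)) for i in range(51)]
)

if __name__ == "__main__":
    stopped = noisy_rules(TRIGGERS)
    rows = apply_stop_status(RULES, stopped)
    for r in filter_rules(rows, status={"Stopped"}):
        print(f"{r['name']} stopped at {stopped[r['name']]:%H:%M:%S}")
    for r in filter_rules(rows, status={"Enabled", "Testing"},
                          mitre={"Credential Access"}):
        print(f"{r['name']} still evaluating ({r['status']})")
```

Running the script marks only rule-A as Stopped (at 12:01:40, its 51st trigger); rule-B is steady and rule-C sits exactly on the boundary, which is why checking the boundary convention against real engine behaviour matters before relying on such a count for tuning decisions.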
[2] MITRE ATT&CK and ATT&CK are trademarks of The MITRE Corporation ("MITRE"). Exabeam is not affiliated with or sponsored or endorsed by MITRE. Nothing herein is a representation of the views or opinions of MITRE or its personnel.