Edit an Analytics Rule
Edit a custom analytics rule you created.
You can edit custom analytics rules only. You can't edit pre-built analytics rules.
For the custom analytics rule you're editing:
Click the More menu, then select Edit.
Right-click the analytics rule, then select Edit.
Select the checkbox for the analytics rule, then select Edit.
To change the analytics rule name and type, applicable data sources, detection logic and conditions, or baseline and training, click
. When you've completed all changes to these configurations, click Next.
Under Rule Details, you can change other analytics rule details like rule description, contextual rule definition, rule family and group, rule template ID, and associated Exabeam use cases and MITRE ATT&CK® tactics and techniques.
Click Save.
If the analytics rule is enabled, the change is added to a batch of pending changes, and you must apply the change to your environment.