Test Analytics Rules

Test analytics rules and ensure they work as expected. Analytics rules you're testing do not create Threat Center cases or alerts unless they're triggered with other analytics rules that aren't being tested.

Analytics rules you're testing are also not used to calculate Threat Center case and alert risk scores when triggered.

The severity of an analytics rule you're testing is automatically changed to None.

  1. In the Analytics Rules tab, select the analytics rules you're testing:

    • To select a single analytics rule, select the rule to view its details, click the More menu, right-click the analytics rule, or select the checkbox for the analytics rule, then select Testing.

    • To select specific analytics rules, select the checkbox for each rule, then select Testing.

    • To select all analytics rules in the list, click the checkbox in the header row, then select Testing.

  2. If the analytics rule is enabled, you receive a warning that the analytics rule severity is automatically changed to None. Click Change. The change is added to a batch of pending updates.

    If the analytics rule is disabled, the change is automatically added to a batch of pending updates.

  3. Apply the change to your environment.

    After you're done testing the analytics rule, you can remove it from testing by enabling or disabling it.