Test Analytics Rules
Test analytics rules and ensure they work as expected.
To test analytics rules, adjust the analytics rule severity to None. When the analytics rule severity is None, the analytics rule is not used to calculate Threat Center case and alert risk scores when triggered.
1. In the Analytics Rules tab, select the analytics rules for which you're adjusting the severity:
   - To select a single analytics rule, click the More menu, right-click the analytics rule, or select the checkbox for the analytics rule, then select Adjust Severity.
   - To select specific analytics rules, select the checkbox for each rule, then select Adjust Severity.
   - To select all analytics rules in the list, click the checkbox in the header row, then select Adjust Severity.
2. Select None.
3. Click Update.
If the analytics rules are enabled, the change is added to a batch of pending changes, and you must apply the change to your environment.