Export Analytics Rules
Export analytics rules to use as a starting point to create your own analytics rule or to share with team members and other stakeholders.
You can only export custom analytics rules. You can't export pre-built analytics rules.
You can export a single analytics rule or multiple analytics rules at once.
Export an Analytics Rule
On the Analytics Rules tab, click the More menu for an entity, or right-click the entity.
Select Export. The analytics rule is downloaded to your file system in JSON format. You can now import the analytics rule to another environment.
Export Multiple Analytics Rules
On the Analytics Rules tab, determine which analytics rules you're exporting:
To select all analytics rules, click the checkbox in the header row.
To select specific analytics rules, click the checkbox for each analytics rule.
Click Export analytics rules.
Edit the file name for the exported rules. By default, the name is Exabeam_analytics_rules--<current year>-<current month>-<current day>T<current UTC time>Z
Select which rules you're exporting:
Selected – Export the rules whose checkboxes you selected.
All Custom Rules – Export all existing custom analytics rules.
Click Export Rules. The selected correlation rules are exported to a JSON file and downloaded to your file system. You can now import the correlation rules into another environment.