Threat Detection ManagementThreat Detection Management Guide

Correlation Rules templates are correlation rules with a predefined search query and condition. You use them as a starting point for creating your own correlation rule.

To view correlation rules templates, in the Threat Detection Management Correlation Rules tab, click Templates. To sort the templates, click a column header. You can sort correlation rule templates by any column except DESCRIPTION. To filter correlation rule templates by use case or MITRE ATT&CK^® tactic, click the filter . To view the details of a template, click Details.

Some correlation rule templates duplicate existing Advanced Analytics fact-based rules. Find the latest list of Correlation Rule templates in the CIM Library. When you use these templates to create a rule, it's best that you customize the rule. If you enable the rule as is, one event triggers two rules and results in two outcomes: one from Advanced Analytics and another from Correlation Rules.