- Welcome to Threat Detection Management
- Analytics Rules
- Correlation Rules
- Threat Scoring
Correlation Rules Templates
If you don't want to create a correlation rule from scratch, use a pre-built template.
Correlation Rules templates are correlation rules with a predefined search query and condition. You use them as a starting point for creating your own correlation rule.
To view correlation rules templates, in the Detection Management Correlation Rules tab, click Templates. To sort the templates, click a column header. You can sort correlation rule templates by any column except DESCRIPTION. To filter correlation rule templates by use case or MITRE ATT&CK® tactic, click the filter 
. To view the details of a template, click Details.
Some correlation rule templates duplicate existing Advanced Analytics fact-based rules. Find the latest list of Correlation Rule templates in the CIM Library. When you use these templates to create a rule, it's best that you customize the rule. If you enable the rule as is, one event triggers two rules and results in two outcomes: one from Advanced Analytics and another from Correlation Rules.