- Get Started with Threat Detection Management
- Analytics Rules
- Analytics Rule Classifications
- Create an Analytics Rule
- Manage Analytics Rules
- Tune Analytics Rules
- Share Analytics Rules
- Troubleshoot Analytics Rules
- Analytics Rules Syntax
- Advanced Analytics Rule Syntax vs. Analytics Rule Syntax
- Logical Expressions in Analytics Rule Syntax
- String Operations Using Analytics Rule Syntax
- Integer Operations Using Analytics Rule Syntax
- Time Operations Using Analytics Rule Syntax
- Network Operations Using Analytics Rule Syntax
- Context Operations Using Analytics Rule Syntax
- Entity Operations Using Analytics Rule Syntax
- Correlation Rule Operations Using Analytics Rule Syntax
- Analytics Engine Status
- Correlation Rules
- Threat Scoring
PrevNext
Manage Correlation Rules
After you create correlation rules, you can clone, delete, edit, enable, disable, or delete them.
Preview Correlation Rule Details
Quickly view a summary of a correlation rule.
Change the query, conditions, and outcomes for a correlation rule.
To test a correlation rule and ensure it works as you expect, enable the rule in test mode.
Enable or Disable Correlation Rules
Enable rules to activate them or disable rules to deactivate them without deleting them.
Clone an existing rule as a starting point for a new correlation rule.
Delete multiple correlation rules or a single correlation rule you no longer need.