Skip to main content

Responses are generated using AI and may contain mistakes.

Threat Detection ManagementThreat Detection Management Guide

Clone a Correlation Rule

Clone an existing rule as a starting point for a new correlation rule.

  1. In Threat Detection Management, navigate to the Correlation Rules tab, then select a correlation rule to clone:

    • Click on a correlation rule, then click Clone.

      The action to clone a correlation rule highlighted in a red rectangle.

    • For the correlation rule you're cloning, click the More menu The more menu; three vertical grey dots on a white background., then select Clone.

  2. Name the new correlation rule.

  3. Click Clone. The new correlation rule is created in Disabled status. To customize the rule, edit the correlation rule.