Skip to main content

Threat Detection ManagementThreat Detection Management Guide

Edit a Correlation Rule

Change the query, conditions, and outcomes for a correlation rule.

  1. In Threat Detection Management, navigate to the Correlation Rules tab, then select a correlation rule to edit:

    • Click on a correlation rule, then click Edit.

      The edit action highlighted in a red rectangle.

    • For the correlation rule you're editing, click the More menu The more menu; three vertical grey dots on a white background., then select Edit.

  2. Change the query, conditions, and outcomes for the correlation rule.

  3. Review your changes, then click Save.