Enable or Disable Correlation Rules
Enable rules to activate them or disable rules to deactivate them without deleting them.
In Threat Detection Management, navigate to the Correlation Rules tab, then select correlation rules to enable or disable:
- To select all rules, click the checkbox in the header row, then click Enable or Disable.
- To select multiple rules, click the checkbox for each rule you're enabling or disabling, then click Enable or Disable.
- Click on a single rule, then click Enable or Disable.
- For a single rule, click the More menu, then select Enable or Disable.
Click Enable or Disable.
If the rule is configured to be enabled in test mode, its Enabled status is marked with a yellow triangle under the STATUS column.
By default, only 200 sequences can be enabled at any given moment. If the rules you're enabling exceed this limit, you receive an error and must reduce the number of rules you're enabling.