- Get Started with Threat Detection Management
- Analytics Rules
- Analytics Rule Classifications
- Create an Analytics Rule
- Manage Analytics Rules
- Tune Analytics Rules
- Share Analytics Rules
- Troubleshoot Analytics Rules
- Analytics Rules Syntax
- Advanced Analytics Rule Syntax vs. Analytics Rule Syntax
- Logical Expressions in Analytics Rule Syntax
- String Operations Using Analytics Rule Syntax
- Integer Operations Using Analytics Rule Syntax
- Time Operations Using Analytics Rule Syntax
- Network Operations Using Analytics Rule Syntax
- Context Operations Using Analytics Rule Syntax
- Entity Operations Using Analytics Rule Syntax
- Correlation Rule Operations Using Analytics Rule Syntax
- Analytics Engine Status
- Correlation Rules
- Threat Scoring
Threat Detection Management Permissions
Review the permissions that determine what you're permitted to see and do in Threat Detection Management.
There are four permissions specific to Threat Detection Management:
If you have universal role-based access, the pre-configured roles are assigned specific Threat Detection Management permissions. To see and do the things you need in Threat Detection Management, ensure you're assigned the appropriate role and your role has the relevant permissions.
Analytics Rules: Read
The read permission for analytics rules allows you to:
View analytics rules
View analytics rule details
Analytics Rules: Read, Write, and Delete
The read, write, and delete permission for analytics rules allows you to do everything you can do with the read permission and also:
Correlation Rules: Read
The read permission for correlation rules allows you to:
View correlation rules
Correlation Rules: Read, Write, and Delete
The read, write, and delete permission for correlation rules allows you to do everything you can do with the read permission and also: