- Get Started with Threat Detection Management
- Analytics Rules
- Analytics Rule Classifications
- Create an Analytics Rule
- 1. Define the analytics rule
- 2. Import the analytics rule
- 3. Enable the analytics rule
- 4. Apply the analytics rule to your environment
- factFeature Analytics Rule JSON Configuration
- profiledFeature Analytics Rule JSON Configurationh
- contextFeature Analytics Rule JSON Configuration
- numericCountProfiledFeature Analytics Rule JSON Configuration
- numericDistinctCountProfiledFeature Analytics Rule JSON Configuration
- numericSumProfiledFeature Analytics Rule JSON Configuration
- Manage Analytics Rules
- Tune Analytics Rules
- Share Analytics Rules
- Troubleshoot Analytics Rules
- Analytics Rules Syntax
- Advanced Analytics Rule Syntax vs. Analytics Rule Syntax
- Logical Expressions in Analytics Rule Syntax
- String Operations Using Analytics Rule Syntax
- Integer Operations Using Analytics Rule Syntax
- Time Operations Using Analytics Rule Syntax
- Network Operations Using Analytics Rule Syntax
- Context Operations Using Analytics Rule Syntax
- Entity Operations Using Analytics Rule Syntax
- Correlation Rule Operations Using Analytics Rule Syntax
- Monitor the Analytics Engine
- Correlation Rules
- Threat Scoring
Threat Detection Management
Manage rules for detecting threats with Threat Detection Management.
Threat Detection Management is the hub on New-Scale Security Operations Platform for the rules you use to detect threats. It centralizes all rules, both analytics rules and correlation rules, so you raise accurate, high-fidelity alerts with minimal noise and ensure you're surfacing what's important to your organization.
Analytics rules are rules that assess events for potential risk as a part of the analytics engine. With the statistical analysis and pattern recognition capabilities of the analytics engine, you can identify trends and deviations that may indicate a security risk.
Correlation rules are rules that automatically correlate an event to a specific result. If an event meets specific conditions, the correlation rule triggers, which then takes a certain action. With the if-then logic of correlation rules, you can monitor known anomalies, detect signature-based threats, and identify compliance violations.
Threat Detection Management is available for certain licenses only. Permissions determine what you're permitted to see and do in Threat Detection Management.