Cloud SIEM Rules
This guide has information about Cloud SIEM rules, including how to write rules, rules syntax, and Cloud SIEM built-in rules.
In this section, we'll introduce the following concepts:
About Cloud SIEM Rules
Learn about Cloud SIEM rules, rules syntax, and how to write rules.
Before You Write a Custom Rule
Learn how to plan a custom rule and prototype rule expressions.
Rules Syntax
Learn about the functions you can use when writing Cloud SIEM Rules.
Match Rule
Learn how to write a match rule.
Chain Rule
Learn how to write a chain rule.
Aggregation Rule
Learn how to write an Aggregation rule.
Threshold Rule
Learn how to write a Threshold rule.
First Seen Rule
Learn how to write a First Seen rule.
Outlier Rule
Learn how to write an Outlier rule.
Built-In Rules
See the pages that list Cloud SIEM's built-in rules.
Import YARA Rules
Learn how to import YARA rules from GitHub into Cloud SIEM.
Normalized Authentication Rules
Use normalized authentication logs to detect activity that compromises accounts.
Normalized Threat Rules
Learn about Cloud SIEM’s built-in normalized threat rules.
Rule Tuning
Learn how to create and use tuning expressions for rules.
Tailor a Global Rule
Learn how to tailor global (built-in) rules in Cloud SIEM.
Insight Trainer
Learn how to adjust rules to improve Insight generation.