Cloud SIEM Rules

This guide has information about Cloud SIEM rules, including how to write rules, rules syntax, and Cloud SIEM built-in rules.

In this section, we'll introduce the following concepts:

Learn about Cloud SIEM rules, rules syntax, and how to write rules.

Learn about Cloud SIEM rules statuses and how to address rules in a degraded or failed state.

Learn how to plan a custom rule and prototype rule expressions.

Learn about the functions you can use when writing Cloud SIEM rules.

Learn how to write a match rule.

Learn how to write a chain rule.

Learn how to write an Aggregation rule.

Learn how to write a Threshold rule.

Learn how to write a First Seen rule.

Learn how to write an Outlier rule.

Look at the various page lists and Cloud SIEM's built-in rules.

Detect activities that compromise accounts using authentication logs.

Learn about Cloud SIEM’s built-in normalized threat rules.

Learn how to create and use tuning expressions for rules.

Learn how to tailor global (built-in) rules in Cloud SIEM.

Learn how to adjust rules to improve insight generation.