Detection Rules

Purpose: To define matching conditions (via matchers and logical operators) for triggering alerts from incoming data.

On the same screen you can perform the Add, Edit, and Delete actions, and the list of Detection Rules created so far is displayed.

Steps to Add Detection Rule:

  1. Click the “+ Detection Rule” button
  2. Enter:
    • Rule Name
    • Type – Select from available Log Types
    • Description
  3. Add Query Matchers:
    • Define key-value patterns (a field name and the value or pattern it must match)
    • Multiple matchers can be added to one rule
    • Set Conditions by combining the matchers with logical operators such as AND/OR
  4. Click Save

The detection rule is now listed among the available rules and can be used in Detectors.
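To make the matcher-and-condition model concrete, here is an added example (not the product's own rule format or code) that models a detection rule as key-value matchers combined with AND/OR conditions and evaluates it over a handful of constructed log events. Field names such as `log_type`, `event`, `user` and `src_ip`, and the rule itself, are assumptions made for this illustration; a field that is absent from an event is treated as not matching.

```python
"""Added example: a minimal model of a detection rule assembled from key-value
query matchers and AND/OR conditions, evaluated over constructed log events.
It illustrates the concept only; it is not the product's own rule format."""
import re
from dataclasses import dataclass
from typing import Any, Dict, List, Union

Event = Dict[str, Any]


@dataclass
class Matcher:
    """One key-value pattern: the field named `key` must fully match `pattern` (a regex)."""
    key: str
    pattern: str

    def matches(self, event: Event) -> bool:
        value = event.get(self.key)
        if value is None:
            return False  # assumption: a field absent from the event never matches
        return re.fullmatch(self.pattern, str(value)) is not None


@dataclass
class Condition:
    """Combines matchers (or nested conditions) with a logical operator."""
    op: str  # "AND" or "OR"
    terms: List[Union[Matcher, "Condition"]]

    def matches(self, event: Event) -> bool:
        if self.op == "AND":
            return all(t.matches(event) for t in self.terms)
        if self.op == "OR":
            return any(t.matches(event) for t in self.terms)
        raise ValueError(f"unsupported operator: {self.op!r}")


@dataclass
class DetectionRule:
    name: str
    log_type: str  # the rule only applies to events of this Log Type
    description: str
    condition: Condition

    def evaluate(self, event: Event) -> bool:
        if event.get("log_type") != self.log_type:
            return False
        return self.condition.matches(event)


def run_rule(rule: DetectionRule, events: List[Event]) -> List[Event]:
    """Return the events that would trigger an alert for `rule`."""
    return [e for e in events if rule.evaluate(e)]


def build_example_rule() -> DetectionRule:
    # Hypothetical rule: failed logins that are either for root or from
    # outside two internal ranges (10/8 and 192.168/16, kept short on purpose).
    internal = r"(10\.\d+\.\d+\.\d+|192\.168\.\d+\.\d+)"
    return DetectionRule(
        name="Suspicious failed login",
        log_type="auth",
        description="Failed login for root, or from outside the internal ranges",
        condition=Condition("AND", [
            Matcher("event", "login_failed"),
            Condition("OR", [
                Matcher("user", "root"),
                Matcher("src_ip", rf"(?!{internal}$)\d+\.\d+\.\d+\.\d+"),
            ]),
        ]),
    )


# Constructed sample events (not real log data).
SAMPLE_EVENTS: List[Event] = [
    {"log_type": "auth", "event": "login_failed", "user": "root", "src_ip": "10.0.0.5"},
    {"log_type": "auth", "event": "login_failed", "user": "alice", "src_ip": "203.0.113.7"},
    {"log_type": "auth", "event": "login_failed", "user": "alice", "src_ip": "10.0.0.8"},
    {"log_type": "auth", "event": "login_success", "user": "root", "src_ip": "203.0.113.7"},
    {"log_type": "web", "event": "login_failed", "user": "root", "src_ip": "203.0.113.7"},
    {"log_type": "auth", "event": "login_failed", "src_ip": "203.0.113.7"},  # no user field
]

if __name__ == "__main__":
    for hit in run_rule(build_example_rule(), SAMPLE_EVENTS):
        print("ALERT:", hit)
```

Run as a script it prints the three events that trigger the rule: the root failure from an internal address, the external failure for alice, and the external failure whose event has no `user` field at all (the missing field simply fails its matcher, the OR still holds). The `web` event is skipped because the rule is bound to the `auth` Log Type, and the successful root login is skipped by the AND.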

Figure 1. Detection Rules
Figure 2. Detection Rules Creation

On the Detection Rules screen, you will see the newly created detection rule.

In the table, you can click “View”, “Edit”, or “Delete” for a detection rule.

Steps to edit a Detection Rule:

  1. Click the Edit button
  2. Update the required details
  3. Click the Update button to apply the changes
Figure 3. Detection Rules Edit
Figure 4. Detection Rules Edit (cont.)

Steps to delete a Detection Rule:

  1. Click the Delete button
  2. Click OK to confirm the message in the pop-up dialog box.

Because rules are consumed by Detectors, check whether any Detector still uses a rule before deleting it.
Figure 5. Detection Rules Delete