CSE Rules

This guide has information about Cloud SIEM Enterprise (CSE) rules, including how to write rules, rules syntax, and CSE built-in rules.

In this section, we'll introduce the following concepts:

Learn about CSE rules, rules syntax, and how to write rules.

Learn how to plan a custom rule and prototype rule expressions.

Learn how to write a match rule.

Learn how to write a chain rule.

Learn how to write an Aggregation rule.

Learn how to write a Threshold rule.

Learn about First Seen rules and how to create them in the CSE UI.

Learn about the functions you can use when writing CSE Rules.

Look at the various page lists and CSE's built-in rules.

Learn how to import YARA rules from GitHub into CSE.

Detect activities that compromise accounts using authentication logs.

Learn about CSE’s built-in normalized threat rules.

Learn how to create and use tuning expressions for rules.

Learn how to tailor global (built-in) rules in CSE.