Security rules

Security rules help you connect the dots between your data sources and events that could indicate a security threat or breach.

Your Cloud SIEM account comes pre-configured with security rules for different attack types and security use cases. These built-in rules are protected, and there are limitations on the changes that can be made to them. You can update pre-configured rules by adding notification endpoints (like email or Slack), changing trigger thresholds and severities, and adding tags, as described in detail in the endpoint.

You can also create new security rules to supplement the built-in rules.