Skip to main content

Cloud SIEM Rules

This guide has information about Cloud SIEM rules, including how to write rules, rules syntax, and Cloud SIEM built-in rules.

In this section, we'll introduce the following concepts:

Flow diagram icon

About Cloud SIEM Rules

Learn about Cloud SIEM rules, rules syntax, and how to write rules.

Flow diagram icon

Before You Write a Custom Rule

Learn how to plan a custom rule and prototype rule expressions.

Flow diagram icon

Rules Syntax

Learn about the functions you can use when writing Cloud SIEM rules.

Flow diagram icon

Match Rule

Learn how to write a match rule.

Flow diagram icon

Chain Rule

Learn how to write a chain rule.

Flow diagram icon

Aggregation Rule

Learn how to write an Aggregation rule.

Flow diagram icon

Threshold Rule

Learn how to write a Threshold rule.

Flow diagram icon

First Seen Rule

Learn how to write a First Seen rule.

Flow diagram icon

Outlier Rule

Learn how to write an Outlier rule.

Flow diagram icon

Built-In Rules

Look at the various page lists and Cloud SIEM's built-in rules.

Flow diagram icon

Import YARA Rules

Learn how to import YARA rules from GitHub into Cloud SIEM.

Flow diagram icon

Normalized Authentication Rules

Detect activities that compromise accounts using authentication logs.

Flow diagram icon

Normalized Threat Rules

Learn about Cloud SIEM’s built-in normalized threat rules.

Flow diagram icon

Rule Tuning

Learn how to create and use tuning expressions for rules.

Flow diagram icon

Tailor a Global Rule

Learn how to tailor global (built-in) rules in Cloud SIEM.

Flow diagram icon

Insight Trainer

Learn how to adjust rules to improve insight generation.

Edit this page
Last updated on by John Pipkin (Sumo Logic)
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2025 by Sumo Logic, Inc.