Cloud SIEM Rules
This guide has information about Cloud SIEM rules, including how to write rules, rules syntax, and Cloud SIEM built-in rules.
In this section, we'll introduce the following concepts:
![Flow diagram icon](/img/icons/operations/rules.png)
About Cloud SIEM Rules
Learn about Cloud SIEM rules, rules syntax, and how to write rules.
![Flow diagram icon](/img/icons/operations/rules.png)
Before You Write a Custom Rule
Learn how to plan a custom rule and prototype rule expressions.
![Flow diagram icon](/img/icons/operations/rules.png)
Rules Syntax
Learn about the functions you can use when writing Cloud SIEM Rules.
![Flow diagram icon](/img/icons/operations/rules.png)
Match Rule
Learn how to write a match rule.
![Flow diagram icon](/img/icons/operations/rules.png)
Chain Rule
Learn how to write a chain rule.
![Flow diagram icon](/img/icons/operations/rules.png)
Aggregation Rule
Learn how to write an Aggregation rule.
![Flow diagram icon](/img/icons/operations/rules.png)
Threshold Rule
Learn how to write a Threshold rule.
![Flow diagram icon](/img/icons/operations/rules.png)
First Seen Rule
Learn how to write a First Seen rule.
![Flow diagram icon](/img/icons/operations/rules.png)
Outlier Rule
Learn how to write an Outlier rule.
![Flow diagram icon](/img/icons/operations/rules.png)
Built-In Rules
Look at the various page lists and Cloud SIEM's built-in rules.
![Flow diagram icon](/img/icons/operations/rules.png)
Import YARA Rules
Learn how to import YARA rules from GitHub into Cloud SIEM.
![Flow diagram icon](/img/icons/operations/rules.png)
Normalized Authentication Rules
Detect activities that compromise accounts using authentication logs.
![Flow diagram icon](/img/icons/operations/rules.png)
Normalized Threat Rules
Learn about Cloud SIEM’s built-in normalized threat rules.
![Flow diagram icon](/img/icons/operations/rules.png)
Rule Tuning
Learn how to create and use tuning expressions for rules.
![Flow diagram icon](/img/icons/operations/rules.png)
Tailor a Global Rule
Learn how to tailor global (built-in) rules in Cloud SIEM.
![Flow diagram icon](/img/icons/operations/rules.png)
Insight Trainer
Learn how to adjust rules to improve Insight generation.