Cloud SIEM Rules

This guide has information about Cloud SIEM rules, including how to write rules, rules syntax, and Cloud SIEM built-in rules.

In this section, we'll introduce the following concepts:

About Cloud SIEM Rules

Learn about Cloud SIEM rules, rules syntax, and how to write rules.

Before You Write a Custom Rule

Learn how to plan a custom rule and prototype rule expressions.

Rules Syntax

Learn about the functions you can use when writing Cloud SIEM Rules.

Match Rule

Learn how to write a match rule.

Chain Rule

Learn how to write a chain rule.

Aggregation Rule

Learn how to write an Aggregation rule.

Threshold Rule

Learn how to write a Threshold rule.

First Seen Rule

Learn how to write a First Seen rule.

Outlier Rule

Learn how to write an Outlier rule.

Built-In Rules

Browse the pages that list Cloud SIEM's built-in rules.

Import YARA Rules

Learn how to import YARA rules from GitHub into Cloud SIEM.

Normalized Authentication Rules

Detect activities that compromise accounts using authentication logs.

Normalized Threat Rules

Learn about Cloud SIEM’s built-in normalized threat rules.

Rule Tuning

Learn how to create and use tuning expressions for rules.

Tailor a Global Rule

Learn how to tailor global (built-in) rules in Cloud SIEM.

Insight Trainer

Learn how to adjust rules to improve Insight generation.

Copyright © 2024 by Sumo Logic, Inc.