Cloud SIEM Built-In Rules
A Cloud SIEM rule is logic that fires based on information in incoming records. When a rule fires, it creates a signal. There are several types of rules, each of which supports a different sort of firing behavior. While you can write your own rules, there are hundreds of rules that Cloud SIEM provides out-of-the-box. Before writing your own rule, look at the built-in rules to see if there's one that provides the behavior you need.
For the complete list of built-in rules, see Rules in the Cloud SIEM Content Catalog.