Docs
Configuration
Identify
Threat Detection Rules
Configure a Threat Rule

Configure a Threat Rule

Follow these steps to configure a Threat Rule:

  1. Navigate to Configuration | Identify | Threat Rules.
  2. Click + Add Rule.
  3. For Name, enter a descriptive name for your new rule.
  4. For Category, from the drop-down, select a category.
  5. For Score, enter a number.
  6. For Group, from the drop-down, select either Group, Role, or Account.
  7. Click Add.

You may also edit an existing Threat Rule via the edit button.

Use the Rule Matches button to retrieve all accounts that match the specific rule. Rule matching is not available for aggregation rules.

Default RulesAccount Z-Score