Creating IOA rules from queries
March 20, 2024
ID 221532
You can create IOA rules based on queries that you have built.
To create an IOA rule:
- In the main menu, go to MONITORING & REPORTING → THREAT HUNTING.
- Enter a query in the query search box.
- Click the Create IOA rule button under the search box.
The New rule window opens.
- Specify the following details:
- Click the Create button.
An IOA rule with the searched conditions is created. You can check your IOA rules in the Custom rules section. If an IOA rule is triggered by an event, the name of the rule is displayed in the event details.