Security rules

Security rules help you connect the dots between your data sources and events that could indicate a security threat or breach.

Your Cloud SIEM account comes pre-configured with security rules for different attack types and security use cases. These built-in rules are protected, and there are limitations on the changes that can be made to them. Pre-configured rules can be updated by adding notification endpoints (like email or Slack), changing trigger thresholds and severities, and adding tags, as described in detail in the endpoint.

You can also create new security rules to supplement the built-in rules.

Create a security rule

Creates a new security rule and activates it.

Retrieve a security rule

Retrieves a security rule by its ID.

Update a security rule

Applies changes to a rule, identified by its ID. Can also be used to enable or disable a rule.

Delete a security rule

Deletes a security rule by its ID.

Retrieve security rules

Retrieve a list of security rules for a specific Security account. The results are paginated. Filtering, sorting and pagination are all optional. If you want to get all rules, send the payload in `{}` format.

Enable a rule

Enables a security rule by its ID.

Disable a rule

Disables a security rule by its ID.

Bulk update security rules

Update security rules in bulk

Bulk delete security rules

Delete security rules in bulk