Getting to Know Chronicle SIEM: Rules Editor Navigation

In this post, we’re going to get to know Chronicle SIEM with a focus on navigating the Rules Editor, which will serve as a foundation for building and managing our own rules.

With the Rules Editor, we can sort and filter the list of rules available to us, view the detection history for a specific rule, and test a rule to confirm it behaves as we expect before it goes live.


Follow along in the video below to see these capabilities in action.

As you start navigating the Rules Editor, remember that sort and filter help you find the rules you want to edit or test. View rule detections shows you the detections that a rule has previously generated, which is a quick way to judge how noisy or how quiet it has been.

The test rule capability lets you validate a rule before fielding it: it runs the rule against a window of historical events and shows what it would have matched, without generating detections that your analysts would then have to triage.


If you have any questions, please feel free to leave a comment below. Also, check out these additional resources with more information and learning opportunities:

Last update: 11-02-2023 03:33 PM