View and manage Analytics rules used in the Cortex Advanced Email Security module.
The Email Security Analytics Rules page offers a consolidated view of all Analytics BIOC and XDR Analytics rules used in the Cortex Advanced Email Security module to keep your email domains secure. You can see every Analytics rule that could generate an email security issue and take action to customize the rules for your organization.
Within this unified table, you can leverage powerful capabilities to manage and investigate Analytics rules effectively.
Get an understanding of all the rules that generated an issue in one place.
Filter rules by name or description for seamless integration with issue investigations.
Filter rules by any column, including "Variant Severities" to quickly locate rule variants associated with specific severity criteria.
Order by any column, enabling you to prioritize and evaluate issues based on severity, name, modification time, and other critical factors.
Fine-tune your XDR Analytics rules by disabling or enabling specific ones.
View more information for a selected analytics rule, including all its variants, and pivot to the Cortex Analytics Reference for the specific rule.
The Email Security Analytics Rules page is in → → .
The page displays the following properties of Analytics rules:
Modification Time: When the rule was last changed.
Name
Severity: Severity of the basic variant.
Severity Variations: Number of different variants for the rule, including their respective severities.
Status
Type: XDR Analytics or XDR Analytics BIOC
Tags: Detector tag
Description
MITRE ATT&CK Tactic
MITRE ATT&CK Technique
# of Issues: Number of issues generated by the rule in all its variants.
Activation Prerequisites
Creation Time
Global Rule ID
Use the right-click menu for the following actions:
Disable or enable a rule to customize issue generation based on the Analytics rule.
View all the email security issues that were generated by applying this rule.
Show or hide all rows with a specific rule.
View the rule with all its variants, including their respective descriptions, tags, and severities in the View Analytics Rule screen.
For more information about the MITRE ATT&CK techniques and tactics, click the tag to display its explanation in the MITRE ATT&CK database.
For more information about the rule, click More information to display the Analytics Alert Reference.