Detection and Response

Build custom detection logic with automated response actions.

Documentation

• Detection and Response Examples - Sample detection rules
• Detection on Alternate Targets - Detections beyond endpoint events
• False Positive Rules - Managing false positives
• Writing and Testing Rules - Rule development guide
• Stateful Rules - Rules with state tracking
• Unit Tests - Testing detection rules
• Replay - Replaying events for testing