Rules

Rules raise detections on certain events or changes.

For example: security options in the registry were changed; Rundll32 created a network connection; RAR encrypts and deletes files; an MS Office application executes a script interpreter.

Security engineers can add and edit their own rules, but there is also a set of rules provided by ESET that cannot be modified by security engineers.

A rule is defined using an XML-based language.

Rules are matched on the server. They are matched asynchronously, so there can be a small delay between recent events being sent from the client to the server and their being processed by rules. A matched rule triggers its associated actions and notifies a security engineer by raising a detection. The detection is displayed in the Detections view, but it is also exported to ESET PROTECT (or a SIEM), or an email can be sent automatically when the detection is triggered.
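To make the two ideas above concrete (a rule expressed in XML, and server-side matching of already-collected events that raises a detection), here is a small added example. It is not ESET code and it does not use the ESET Inspect rule schema: the `<rule>`/`<condition>` element names, the `field`/`op`/`value` attributes and the sample events are all constructed for this illustration. It shows how two of the rules named above (Rundll32 creating a network connection; an Office application starting a script interpreter) can be written as conditions and evaluated over a batch of events after they arrive, which is the asynchronous, batch-oriented model the paragraph describes.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Hypothetical rule format constructed for this example. This is NOT the
# ESET Inspect rule language; only the structure (rule -> conditions) is
# meant to mirror the idea of an XML-based rule definition.
RULES_XML = """
<rules>
  <rule name="Rundll32 created a network connection" severity="warning">
    <condition field="event" op="eq" value="network_connect"/>
    <condition field="process" op="eq" value="rundll32.exe"/>
  </rule>
  <rule name="MS Office application executes script interpreter" severity="threat">
    <condition field="event" op="eq" value="process_create"/>
    <condition field="parent" op="in" value="winword.exe,excel.exe,powerpnt.exe"/>
    <condition field="process" op="in" value="wscript.exe,cscript.exe,powershell.exe"/>
  </rule>
</rules>
"""

# Constructed sample events, as a server might receive them from clients.
SAMPLE_EVENTS = [
    {"host": "ws01", "event": "network_connect", "process": "rundll32.exe", "parent": "explorer.exe"},
    {"host": "ws02", "event": "process_create", "process": "cscript.exe", "parent": "WINWORD.EXE"},
    {"host": "ws03", "event": "network_connect", "process": "chrome.exe", "parent": "explorer.exe"},
    {"host": "ws04", "event": "process_create", "process": "notepad.exe", "parent": "winword.exe"},
]


@dataclass
class Rule:
    name: str
    severity: str
    conditions: list  # list of (field, op, value) tuples; all must hold


def parse_rules(xml_text):
    """Parse the hypothetical XML into Rule objects."""
    root = ET.fromstring(xml_text)
    rules = []
    for node in root.findall("rule"):
        conditions = [
            (c.get("field"), c.get("op"), c.get("value"))
            for c in node.findall("condition")
        ]
        rules.append(Rule(node.get("name"), node.get("severity"), conditions))
    return rules


def condition_matches(event, field, op, value):
    """Evaluate one condition; comparisons are case-insensitive, as process
    names on Windows are."""
    actual = event.get(field, "").lower()
    if op == "eq":
        return actual == value.lower()
    if op == "in":
        return actual in {v.strip().lower() for v in value.split(",")}
    raise ValueError(f"unknown operator: {op}")


def match_events(rules, events):
    """Server-side pass over a batch of received events. Every rule whose
    conditions all hold for an event raises one detection."""
    detections = []
    for event in events:
        for rule in rules:
            if all(condition_matches(event, *cond) for cond in rule.conditions):
                detections.append(
                    {"rule": rule.name, "severity": rule.severity, "host": event["host"]}
                )
    return detections


def run_example():
    return match_events(parse_rules(RULES_XML), SAMPLE_EVENTS)


if __name__ == "__main__":
    for d in run_example():
        print(f"[{d['severity']}] {d['host']}: {d['rule']}")
```

Because matching runs over events that have already been received, a detection is raised only once the event has crossed from client to server and the batch has been evaluated, which is the source of the small delay mentioned above; the events on ws03 and ws04 are carried in the same batch but satisfy neither rule, so they produce no detection.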

Where do I find a detailed rules guide?

On the right side, you can see the Syntax Reference; at the bottom of it you can find the link to the Rules Guide.