Rules guide

A rule is defined using XML-based language.

Rules are matched on the server. They have matched asynchronously, so there can be a small delay between when recent events are sent from client to server and processed by rules. A matched rule triggers associated actions and notifies a security engineer by raising a detection. The detection is displayed in the Detections view, but it is also exported to ESET PROTECT (or SIEM), or an email can be automatically sent when the detection is triggered.

Link to the Rules Guide is available below the Syntax Reference on the right side.