Rules guide

A rule is defined using XML-based language.

Rules are matched asynchronously on the server, so a delay can occur between when recent events are sent from the client to the server and processed by rules. A matched rule triggers associated actions and raises a detection, notifying a security engineer. The detection is shown in the Detections view and exported to ESET PROTECT On-Prem. An email can be send automatically when the detection is triggered.

A link to the Rules Guide is below the Syntax Reference on the right side.