Rules guide
A rule is defined using XML-based language.
Rules are matched on the server. They have matched asynchronously, so there can be a small delay between when recent events are sent from client to server and processed by rules. A matched rule triggers associated actions and notifies a security engineer by raising a detection. The detection is displayed in the Detections view, but it is also exported to ESET PROTECT On-Prem (or SIEM), or an email can be automatically sent when the detection is triggered.
Link to the Rules Guide is available below the Syntax Reference on the right side.