Rules guide
Rule syntax
Targets
Components and supported operations
ApiCall
ClientEnterprise
ClientFileItem
ClientLiveGrid
ClientModule
ClientProcessInfo
CodeInjectionInfo
DateTime
DnsInfo
Endpoint
Enterprise
EnterpriseInspector
FileAttribute
FileItem/DestFileItem
LiveGrid
Module
Network
OpenProcess
ProcessBehavior
ProcessInfo
RegistryItem
Scripts
SystemInfo
TargetUser/DoneByUser
UserGroupData
UserLogonData
WmiExecutionInfo
WmiPersistenceInfo
WmiQueryInfo
Property Types & Relations, Symbols
Supported environment variables
Best Practices
Rules Examples
Working with registry
Monitoring network connections
Working with URLs
Working with command line
Working with a parent-child relationship
Working with LiveGrid and Safe property
Last updated: August 15, 2023