• Rules guide
  • Rule syntax
    • Operations
    • Actions
  • Targets
  • Threshold rules
    • Threshold rule example
  • Sequence rules
  • Components and supported operations
    • ApiCall
    • ClientEnterprise
    • ClientFileItem
    • ClientLiveGrid
    • ClientModule
    • ClientProcessInfo
    • CodeInjectionInfo
    • DateTime
    • DnsInfo
    • Endpoint
    • Enterprise
    • EnterpriseInspector
    • FileAttribute
    • FileItem/DestFileItem
    • InspectDetection
    • LiveGrid
    • Module
    • Network
    • OpenProcess
    • ProcessBehavior
    • ProcessInfo
    • RegistryItem
    • Scripts
    • SystemInfo
    • TargetUser/DoneByUser
    • UserGroupData
    • UserLogonData
    • WmiExecutionInfo
    • WmiPersistenceInfo
    • WmiQueryInfo
  • Property Types & Relations, Symbols
  • Supported environment variables
  • Best Practices
  • Rules Examples
    • Working with registry
    • Monitoring network connections
    • Working with URLs
    • Working with command line
    • Working with a parent-child relationship
    • Working with LiveGrid and Safe property
    • Working with compromised flag