This page provides information about Security Analytics procedures that fall outside of any specific version. These procedures deal with specific ways to configure or interact with rules, reports, parsers, and other types of Content.
The following procedures are documented:
- Add or Update Supported Event Source Log Parsers
- Change Core ESA Rule or Alert Parameters
- Create Meta and Feed for Lateral Movement
- Create Feed for Rogue DHCP Server Rule
- Create Custom Typespec for File Collection
- Create Custom Typespec for ODBC Collection
- Implement Non-Standard Meta Keys Used in ESA Rules
- Track LogStats Log Count
- Work With Event Stream Analysis Rules
