Filtering rules and building blocks by their properties
Tune your rules or building blocks by filtering on their attributes, such as type, origin, and group. You can also tune rules or building blocks by filtering them based on their test definitions. For example, you can add a test that matches only events from a specific log source. Examine and improve your MITRE ATT&CK coverage by filtering your rules based on their mappings to tactics and techniques.
Before you begin
About this task
As you select filters, the unapplied filter tags appear in the filters row with a lighter-colored background. After you apply the filters, the tags change to a darker-colored background.