Create rules using the rule builder

The rule builder is the right starting point when you're creating a rule from scratch and want inline guidance through each setting. For a full description of what each setting does, refer to Configure a rule.

If you already have a working query in Discover, you can create a rule directly from there without re-entering it. If you're managing rules as code or need to version-control rule definitions, use the YAML editor instead.