How to create saved detection rules

This guide will walk you through how to create and save detection rules.

Written by Daniel Sampson
Updated over 3 weeks ago

Defense.com's SIEM platform lets you build a log search once, save it as a detection rule, and re-run it whenever you need to, rather than re-creating the same query every time you review activity in your environment. Saved rules also document exactly what you monitor for, which makes it easier to evidence your monitoring during compliance audits.

Creating a new detection rule

  1. From the my.defense.com dashboard, select Detection from the navigation on the left-hand side

  2. Next, select SIEM and then Log Search from the sub-navigation

  3. From the Log Search page, you can then begin to build the query for your detection rule and configure the data you'd like to be able to see at-a-glance by selecting the appropriate data fields as columns

  4. Begin by selecting the Date Range of the log data you'd like to search. You can choose between pre-built ranges such as Last 30 days, or configure a specific start and end date and time

  5. Next, using the Search Query field, enter the query that identifies the log data you're looking for. Log searching uses the Lucene query language; you can find out more about this in this guide

  6. Once you've identified the right type of logs, choose which data fields you'd like to see at-a-glance: click on one of the matching logs, then click the Show column action button next to each field you want displayed as a column

  7. Once you're happy that the detection rule is configured correctly, click the Save Detection Rule button, which is located just below the Search Query field

  8. You'll then be presented with a modal where you give your rule a Name and a Description (both required)

  9. Once you're happy with these, click Save Detection Rule
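The query you save in step 5 is what the rule actually detects, so it is worth being precise about it. The following is an added example, not code from this article or from the Defense.com platform: a minimal evaluator for the Lucene subset most detection rules use (field:value terms, quoted values, * and ? wildcards, AND/OR/NOT and parentheses), run over a handful of constructed log records. The field names (event_type, outcome, source_ip, user, process) and the records are assumptions made for illustration; use the field names your own log sources expose in Log Search. Lucene's default operator is OR, so two terms with no operator between them are treated as OR here too, which is a common reason a rule matches far more than intended.

```python
"""Evaluate a Lucene-style detection query against sample log records.

Added example, not Defense.com code. Supports: field:value, field:"quoted value",
bare terms (matched against every field), * and ? wildcards, AND / OR / NOT,
parentheses, and Lucene's default OR between adjacent clauses.
"""
import fnmatch
import re

# Operators are listed before term patterns so that AND/OR/NOT are never
# swallowed as bare terms. Values stop at whitespace or parentheses.
TOKEN_RE = re.compile(
    r'\s*(\(|\)|AND\b|OR\b|NOT\b'
    r'|[A-Za-z_][\w.]*:(?:"[^"]*"|[^\s()]+)'   # field:value or field:"quoted"
    r'|"[^"]*"|[^\s()]+)'                       # bare (field-less) term
)


def tokenize(query):
    query = query.strip()
    if not query:
        raise ValueError("empty query")
    pos, tokens = 0, []
    while pos < len(query):
        m = TOKEN_RE.match(query, pos)
        if not m:
            raise ValueError(f"unrecognised token at offset {pos}: {query[pos:]!r}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


class Parser:
    """Recursive-descent parser with precedence NOT > AND > OR."""

    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.peek()
        if tok is None:
            raise ValueError("unexpected end of query")
        self.i += 1
        return tok

    def parse(self):
        node = self.parse_or()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return node

    def parse_or(self):
        left = self.parse_and()
        # An explicit OR, or any clause not joined by AND, is an OR (Lucene default).
        while self.peek() not in (None, ")", "AND"):
            if self.peek() == "OR":
                self.take()
            left = ("OR", left, self.parse_and())
        return left

    def parse_and(self):
        left = self.parse_not()
        while self.peek() == "AND":
            self.take()
            left = ("AND", left, self.parse_not())
        return left

    def parse_not(self):
        if self.peek() == "NOT":
            self.take()
            return ("NOT", self.parse_not())
        return self.parse_atom()

    def parse_atom(self):
        tok = self.take()
        if tok == "(":
            node = self.parse_or()
            if self.take() != ")":
                raise ValueError("missing closing parenthesis")
            return node
        if ":" in tok and not tok.startswith('"'):
            field, value = tok.split(":", 1)
            return ("TERM", field, value.strip('"'))
        return ("TERM", None, tok.strip('"'))   # bare term: search all fields


def term_matches(field, pattern, record):
    # Case-insensitive glob match, approximating an analysed (lowercased) field.
    values = [record.get(field)] if field else list(record.values())
    return any(v is not None and fnmatch.fnmatchcase(str(v).lower(), pattern.lower())
               for v in values)


def evaluate(node, record):
    kind = node[0]
    if kind == "TERM":
        return term_matches(node[1], node[2], record)
    if kind == "NOT":
        return not evaluate(node[1], record)
    if kind == "AND":
        return evaluate(node[1], record) and evaluate(node[2], record)
    return evaluate(node[1], record) or evaluate(node[2], record)   # OR


def run_detection(query, records):
    """Return the records a saved rule with this query would surface."""
    tree = Parser(tokenize(query)).parse()
    return [r for r in records if evaluate(tree, r)]


# Constructed sample records with assumed field names (not real platform data).
SAMPLE_LOGS = [
    {"id": 1, "event_type": "authentication", "outcome": "failure", "user": "alice",
     "source_ip": "203.0.113.7", "host": "vpn-01"},
    {"id": 2, "event_type": "authentication", "outcome": "success", "user": "alice",
     "source_ip": "203.0.113.7", "host": "vpn-01"},
    {"id": 3, "event_type": "authentication", "outcome": "failure", "user": "svc-backup",
     "source_ip": "10.1.2.3", "host": "dc-01"},
    {"id": 4, "event_type": "process", "outcome": "success", "user": "bob",
     "source_ip": "10.1.2.9", "host": "ws-042", "process": "powershell.exe"},
    {"id": 5, "event_type": "authentication", "outcome": "failure", "user": "admin",
     "source_ip": "198.51.100.22", "host": "dc-01"},
]

# Candidate rule: failed logons that did not come from internal ranges.
FAILED_EXTERNAL_LOGINS = (
    "event_type:authentication AND outcome:failure "
    "AND NOT (source_ip:10.* OR source_ip:192.168.*)"
)

if __name__ == "__main__":
    for r in run_detection(FAILED_EXTERNAL_LOGINS, SAMPLE_LOGS):
        print(r["id"], r["user"], r["source_ip"])
```

Before saving a rule, run it over a date range that you know contains both true positives and benign noise, and confirm the hit count is what you expect; a missing AND silently turns a narrow rule into a broad one.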

Accessing your saved detection rules

  1. From the my.defense.com dashboard, select Detection from the navigation on the left-hand side

  2. Then head to SIEM and select Log Search from the sub-navigation

  3. From the Log Search page, you need to head over to the top right-hand corner and select Saved Detection Rules

  4. You'll then be presented with a list of the detection rules you have saved on your account

  5. From here, you can View, Edit and Delete your detection rules using the action buttons on the right-hand side of the page

  6. You can also create Scheduled Reports, which you can learn more about in this guide

And that's it! You now know how to create and save detection rules! 🎉
