<ul><li>Within the “Advanced Options” of the “About Rule” section of Elastic hides a useful feature that gets little attention.</li><li>This feature makes the rule generate alerts that are ‘hidden’ from the alerts view.</li><li>Create threshold rules to identify interesting behaviors when 5 or more of them occur within a time period.</li><li>Build new terms rules to look for the first time someone performs a 'low' behavior, based on existing threshold rules.</li></ul>

Making Use of Building Block Rules in Elastic

Discover more