How to create a new detection rule from the Event overview table

Learn how to change the risk level of events right from the Event overview table

In Safetica NXT, you can quickly and effectively optimize the detection of risky events while investigating operations that were performed in your environment. You can change the risk level of individual events and decide whether they are Risky or Safe directly in Data Security > Overview in the Event overview table:

   1. Click the icon that appears in the Risk level column when you hover the mouse over a particular event.

The feature is not available for aggregated events.

   2. Click the option shown in the drop-down menu.

   3. The form for detection rule creation appears. The criteria are filled in automatically based on the respective event (except Rule name, File, File size, and Source).

More info about detection rule creation can be found here.

The newly created rule appears at the top of the Detection rules overview table in the Detection rules section, so it has the highest priority and takes precedence over all other rules.

After the new rule is created, the risk level is recalculated for all past events. Applying these changes might take a few minutes.

Want to learn more? Read next:

What is Risk level in Safetica NXT?

How to create a new detection rule

Safetica NXT Data security - Overview

Safetica NXT Data security - Detection rules