Set correlation rules

  • Release version: Australia
  • Updated March 12, 2026

    After creating a CrowdStrike Next-Gen SIEM detection profile, select correlation rules to map corresponding detections to a security incident. Correlation rules are refreshed every time a profile is opened and new rules are available for selection. The CrowdStrike Next-Gen SIEM integration supports multiple profiles.

    Before you begin

    Role required: sn_si.ingestion_profile_admin

    Note:
    Users with the sn_si.admin role can perform all operations available to a profile admin because the sn_si.admin role inherits the required permissions by default.

    Procedure

    1. If you are not continuing from the previous section of the detection profile definition process, access the profile you are defining.
      1. Navigate to All > CrowdStrike Next-Gen SIEM > Detection Profile.
      2. Select the profile you are continuing to define.
      3. Select Correlation Rules in the progress bar.
    2. Clear the All Correlation Rules selected check box.
    3. In the Correlation Rule List search field, enter the correlation rule name created in the CrowdStrike portal.
    4. Select the correlation rule.
    5. Use the right arrow to move the rule from the Available column to the Selected column.
    6. Complete this section of the detection profile definition process by selecting Continue.

    What to do next

    Map individual CrowdStrike Next-Gen SIEM detection fields to the fields on the ServiceNow AI Platform Security Incident Response security incident. For more information, see Map detection fields.