Set correlation rules

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 2 minutes
  • After creating a CrowdStrike Next-Gen SIEM detection profile, select correlation rules to map corresponding detections to a security incident. Correlation rules are refreshed every time a profile is opened and new rules are available for selection. The CrowdStrike Next-Gen SIEM integration supports multiple profiles.

    Before you begin

    Role required: sn_si.ingestion_profile_admin

    Note:
    Users with the sn_si.admin role can perform all operations available to a profile admin because the sn_si.admin role inherits the required permissions by default.

    Procedure

    1. If you are not continuing from the previous section of the detection profile definition process, access the profile you are defining.
      1. Navigate to All > CrowdStrike Next-Gen SIEM > Detection Profile.
      2. Select the profile you are continuing to define.
      3. Select Correlation Rules in the progress bar.
    2. Clear the All Correlation Rules selected check box.
    3. In the Correlation Rule List search field, enter the correlation rule name created in the CrowdStrike portal.
    4. Select the correlation rule.
    5. Use the right arrow to move the rule from Available to the Selected column.
    6. Complete this section of the detection profile definition process by selecting Continue.

    What to do next

    Map individual CrowdStrike Next-Gen SIEM detection fields to the fields on the ServiceNow AI Platform Security Incident Response security incident. For more information, see Map detection fields.