Set correlation rules

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 2 minutes
  • After creating a CrowdStrike Next-Gen SIEM detection profile, select correlation rules to map corresponding detections to a security incident. Correlation rules are refreshed every time a profile is opened and new rules are available for selection. The CrowdStrike Next-Gen SIEM integration supports multiple profiles.

    Before you begin

    Role required: sn_si.ingestion_profile_admin

    Note:
    Users with the sn_si.admin role can perform all operations available to a profile admin because the sn_si.admin role inherits the required permissions by default.

    Procedure

    1. If you are not continuing from the previous section of the detection profile definition process, access the profile you are defining.
      1. Navigate to All > CrowdStrike Next-Gen SIEM > Detection Profile.
      2. Select the profile you are continuing to define.
      3. Select Correlation Rules in the progress bar.
    2. Clear the All Correlation Rules selected check box.
    3. In the Correlation Rule List search field, enter the correlation rule name created in the CrowdStrike portal.
    4. Select the correlation rule.
    5. Use the right arrow to move the rule from the Available column to the Selected column.
    6. Complete this section of the detection profile definition process by selecting Continue.

    What to do next

    Map individual CrowdStrike Next-Gen SIEM detection fields to the fields on the ServiceNow AI Platform Security Incident Response security incident. For more information, see Map detection fields.