In this episode, you'll learn to create custom detection rules. Open the Custom Rules tab. VRadar ships with three thousand Wazuh rules, but sometimes you need rules specific to your environment. Click Create New Rule. The editor lets you define a unique rule ID, a severity level, match conditions on log content (text strings, regex patterns, or JSON fields), and a description of when the rule fires. You can inherit from existing parent rules. After saving, the rule is pushed to Wazuh Manager and applies immediately to new logs. Test the rule by sending a sample log or waiting for a real event. This powerful feature lets you detect attack patterns specific to your organization that default rules don't cover.
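For reference, here is what rules with those fields look like in Wazuh's native XML rule syntax. This is an added example, not taken from the video or from VRadar: the rule IDs, group name, `svc-` account prefix, `10.0.0.0/8` management range and the `billing-api` JSON fields are assumptions chosen for illustration, and VRadar's editor may present the same fields differently.

```xml
<!-- Added example: custom rules in Wazuh rule syntax (local_rules.xml style). -->
<!-- IDs 100100/100101 sit in the range Wazuh reserves for custom rules.       -->
<group name="local,custom_detections,">

  <!-- Child of stock rule 5716 (sshd: authentication failed): it is only
       evaluated for events the parent already matched.
       Constructed sample log:
       Jan 10 03:12:44 web01 sshd[2211]: Failed password for svc-backup from 203.0.113.7 port 50122 ssh2 -->
  <rule id="100100" level="10">
    <if_sid>5716</if_sid>
    <!-- Regex condition: the target account starts with "svc-" (assumed naming scheme) -->
    <regex>for svc-\S+ from</regex>
    <!-- Negated source: skip the management network (assumed range) -->
    <srcip>!10.0.0.0/8</srcip>
    <description>sshd: failed login for a service account from outside the management network ($(srcip))</description>
    <group>authentication_failed,</group>
  </rule>

  <!-- JSON-field conditions for an in-house application (hypothetical fields).
       Constructed sample log:
       {"app":"billing-api","event":{"action":"admin_role_granted"},"user":{"name":"jdoe"}} -->
  <rule id="100101" level="12">
    <decoded_as>json</decoded_as>
    <field name="app">^billing-api$</field>
    <!-- Nested JSON keys are addressed with dot notation -->
    <field name="event.action">^admin_role_granted$</field>
    <description>billing-api: admin role granted to $(user.name)</description>
  </rule>

</group>
```

On a self-managed Wazuh Manager, rules like these can be checked against the sample lines with Wazuh's `wazuh-logtest` tool before relying on them.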
Tutorial series for VRadar — Vietnam's SOC SaaS platform.
18 episodes from login to post-quantum PQ-Agent install.