Skip to main content
Affinity/Documentation
Español

Getting Started

  • What is Affinity
  • Sign In
  • Your First 15 Minutes
  • Navigation Map

Integrations (Admin)

  • Integration List
  • Create Integration
  • Start Ingestion
  • Secrets

Logs (Analyst)

  • Overview
  • SQL Queries
  • Search & Export
  • Analytics Mode
  • Share Queries
  • Create Rule from Logs

Alerts (Analyst)

  • List & Filters
  • Details & Management
  • Full View

Detection & Notifications (Admin)

  • Detection Rules
  • Notification Channels

Incident Response (Analyst)

  • Extract IOCs
  • Query IOCs in Logs
  • Export Results

Usage Analytics

  • Ingestion Metrics

Administration

  • User Management

Troubleshooting

  • Common Issues

Reference

  • Glossary
  • Integration Catalog
  • FAQ
  • Step-by-Step Guides

Detection Rules

Administrator20 min

Route: `/management/detection-rules` — Title: **Detection Rules**

Define which threats matter to your organization. Create custom rules, connect them to Slack or Discord, and let Affinity monitor your logs 24/7.

What it's for

Create and manage rules that generate automatic alerts from SQL queries.

Steps

  1. Go to MANAGEMENT → DETECTION RULES.
  2. Click Add Rule.
  3. Step Detection Logic: SQL query, Query Builder, test rule.
  4. Step Rule Management: enable/disable, notification channels.
  5. Step Basic Info: name, rule type.
  6. Step Details: description, severity, resolution, MITRE.
  7. Step Review: final review → Create Rule (Creating...).

Expected result

  • The rule appears in the Detection Rules list.
  • After the evaluation interval, alerts may appear in ALERTS.

Tips

  • Rule types: Behavioral, Signature-Based, Anomaly-Based, Correlation, ML/AI-Based, Threshold-Based, Time-Based, TTP-Based (MITRE ATT&CK), IOC/Threat Intel Rules.
  • Severities: `Low`, `Medium`, `High`, `Critical`.

See also

  • Notification Channels
  • Alert List
Previous

Full View

Next

Notification Channels