Skip to main content

Affinity/Documentation

Getting Started

What is Affinity
Sign In
Your First 15 Minutes
Navigation Map

Integrations (Admin)

Integration List
Create Integration
Start Ingestion
Secrets

Logs (Analyst)

Overview
SQL Queries
Search & Export
Analytics Mode
Share Queries
Create Rule from Logs

Alerts (Analyst)

List & Filters
Details & Management
Full View

Detection & Notifications (Admin)

Detection Rules
Notification Channels

Incident Response (Analyst)

Extract IOCs
Query IOCs in Logs
Export Results

Usage Analytics

Ingestion Metrics

Administration

User Management

Troubleshooting

Common Issues

Reference

Glossary
Integration Catalog
FAQ
Step-by-Step Guides

Create Detection Rule from Logs

Administrator5 min

What it's for

Turn an investigation query into a permanent detection rule.

Steps

In Table View, use the Create Detection Rule icon (shield), or context menu → `Create Detection Rule`.
Opens `/management/detection-rules?create=true` with the query preloaded.
Complete the rules wizard (Detection Rules).

Expected result

Rules wizard open with SQL query preloaded.

See also

Detection Rules

Share Queries

List & Filters