To open the Rules Dashboard in Google Security Operations, select Rules from
the menu icon apps.
The Rules Dashboard displays all of the rules you
have stored within your Google SecOps account. On systems that use
data RBAC, you can view and manage only those rules that are bound to a data
scope that you have access to.
The rules dashboard includes the following features:
Trend chart displays the rule with the greatest number of detections over the
past 3 weeks.
Displays a graph of the activity associated with the rules. Hovering over a bar in the chart
displays the date and number of detections.
Run frequency indicates the approximate frequency the rule will execute.
Live Status (Enabled or Disabled).
Rule severity as in the Rule metadata.
If you hover over a rule and click the menu icon to the right, you can open
the Rule Settings
menu and manipulate the Live Rule, Run Frequency, and Notifications options.
Live Rule monitors your incoming logs for threats until it is deleted or disabled.
Alerting indicates an anomaly in the normal workflow of traffic within the enterprise. You should
investigate alerts as a possible breach of security.
Run Frequency indicates the approximate frequency the rule will execute and impacts the latency with
which detections are discovered for each rule.
YARA-L Retrohunt enables you to use the selected rule to search for detections throughout existing
data in {google_secops_name_short}}.
Edit Rule enables you to edit existing rules and create new rules.
View Rule Detections enables you to view detections generated by a live rule.
Archive hides the rule and the security data related to that rule (and all of its versions) without
actually deleting the rule.
Clicking a rule name opens the Rule Detections view.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThe Rules Dashboard in Google Security Operations displays all stored rules, with data RBAC systems restricting access to rules bound to accessible data scopes.\u003c/p\u003e\n"],["\u003cp\u003eThe dashboard features a trend chart showing the rule with the most detections in the past three weeks, alongside a graph of rule-related activity, including rule execution frequency and live status.\u003c/p\u003e\n"],["\u003cp\u003eHovering over a rule allows access to the Rule Settings menu, where options like Live Rule, Run Frequency, and Notifications can be adjusted, and the selected rule can be used for YARA-L Retrohunt.\u003c/p\u003e\n"],["\u003cp\u003eUsers can view detections, edit rules, and archive rules, while also having access to more resources through the provided link.\u003c/p\u003e\n"]]],[],null,["# Viewing rules in Rules Dashboard\n================================\n\nSupported in: \nGoogle secops [SIEM](/chronicle/docs/secops/google-secops-siem-toc)\n\nTo open the Rules Dashboard in Google Security Operations, select **Rules** from\nthe menu icon apps.\nThe Rules Dashboard displays all of the rules you\nhave stored within your Google SecOps account. On systems that use\ndata RBAC, you can view and manage only those rules that are bound to a data\nscope that you have access to.\n\nThe rules dashboard includes the following features:\n\n- Trend chart displays the rule with the greatest number of detections over the past 3 weeks.\n- Displays a graph of the activity associated with the rules. Hovering over a bar in the chart displays the date and number of detections.\n- Run frequency indicates the approximate frequency the rule will execute.\n- Live Status (Enabled or Disabled).\n- Rule severity as in the Rule metadata.\n\nIf you hover over a rule and click the menu icon to the right, you can open\nthe **Rule Settings**\nmenu and manipulate the **Live Rule** , **Run Frequency** , and **Notifications** options.\n\n- **Live Rule** monitors your incoming logs for threats until it is deleted or disabled.\n- Alerting indicates an anomaly in the normal workflow of traffic within the enterprise. You should investigate alerts as a possible breach of security.\n- **Run Frequency** indicates the approximate frequency the rule will execute and impacts the latency with which detections are discovered for each rule.\n- **YARA-L Retrohunt** enables you to use the selected rule to search for detections throughout existing data in {google_secops_name_short}}.\n- **Edit Rule** enables you to edit existing rules and create new rules.\n- **View Rule Detections** enables you to view detections generated by a live rule.\n- **Archive** hides the rule and the security data related to that rule (and all of its versions) without actually deleting the rule.\n\nClicking a rule name opens the **Rule Detections** view.\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
