You can create multiple versions of a rule. This lets you to experiment with your rule logic
for a more nuanced examination of your event data.
To view the versions of a rule, navigate to the Rules Editor:
Select a rule.
Click the rule menu icon and select View Versions as shown below.
View Versions menu option
Rule versions view is displayed.
From this view, you can select any of the previous versions of the rule.
Rule versions are labeled with the time it was created.
This view provides you with a number of options:
SAVE AS NEW—Saves the currently displayed version of the rule as a new and separate rule.
VIEW DETECTIONS—Display the detections stored with this version of the rule.
Note: These detections might not be current depending on the age of the rule version.
RUN TEST—Test the current version of the rule in real time, enabling you to determine the effectiveness of this version of the rule.
When you have finished examining the versions of the selected rule, click EXIT to return to the Rules Editor.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-06 UTC."],[[["Multiple versions of a rule can be created, allowing for experimentation and detailed analysis of event data."],["Detections are tied to the specific rule version that generated them, ensuring clear tracking of results."],["Users can access and review previous rule versions through the \"View Versions\" option in the Rules Editor."],["Each rule version provides options to save as a new rule, view detections, or run a real-time test, all from the versions view page."]]],[]]
View Versions menu option