You can create multiple versions of a rule. This lets you to experiment with your rule logic
for a more nuanced examination of your event data.
To view the versions of a rule, navigate to the Rules Editor:
Select a rule.
Click the rule menu icon and select View Versions as shown below.
View Versions menu option
Rule versions view is displayed.
From this view, you can select any of the previous versions of the rule.
Rule versions are labeled with the time it was created.
This view provides you with a number of options:
SAVE AS NEW—Saves the currently displayed version of the rule as a new and separate rule.
VIEW DETECTIONS—Display the detections stored with this version of the rule.
Note: These detections might not be current depending on the age of the rule version.
RUN TEST—Test the current version of the rule in real time, enabling you to determine the effectiveness of this version of the rule.
When you have finished examining the versions of the selected rule, click EXIT to return to the Rules Editor.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eMultiple versions of a rule can be created, allowing for experimentation and detailed analysis of event data.\u003c/p\u003e\n"],["\u003cp\u003eDetections are tied to the specific rule version that generated them, ensuring clear tracking of results.\u003c/p\u003e\n"],["\u003cp\u003eUsers can access and review previous rule versions through the "View Versions" option in the Rules Editor.\u003c/p\u003e\n"],["\u003cp\u003eEach rule version provides options to save as a new rule, view detections, or run a real-time test, all from the versions view page.\u003c/p\u003e\n"]]],[],null,["# View previous versions of a rule\n================================\n\nSupported in: \nGoogle secops [SIEM](/chronicle/docs/secops/google-secops-siem-toc)\n\nYou can create multiple versions of a rule. This lets you to experiment with your rule logic\nfor a more nuanced examination of your event data.\n| **Note:** Any detections made with a version of a rule remain with it. If you switch to a different version of a rule, the detections you view are associated with that version and that version only.\n| **Note:** Rules can create detections on existing data. During reprocessing of enriched events, a rule can create a detection on an event that was modified (enrichment reoccurred) or on an event that matches the logic of a new rule version.\n\nTo view the versions of a rule, navigate to the Rules Editor:\n\n1. Select a rule.\n2. Click the rule menu icon and select **View Versions** as shown below.\n\n\n **View Versions menu option**\n3. Rule versions view is displayed.\n\n From this view, you can select any of the previous versions of the rule.\n Rule versions are labeled with the time it was created.\n4. This view provides you with a number of options:\n\n - **SAVE AS NEW**---Saves the currently displayed version of the rule as a new and separate rule.\n - **VIEW DETECTIONS**---Display the detections stored with this version of the rule. Note: These detections might not be current depending on the age of the rule version.\n - **RUN TEST**---Test the current version of the rule in real time, enabling you to determine the effectiveness of this version of the rule.\n\n | **Note:** Detections found through the test are not saved.\n5. When you have finished examining the versions of the selected rule, click **EXIT** to return to the Rules Editor.\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
View Versions menu option