[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThe Rule Detections view displays rule metadata and a graph of recent detections.\u003c/p\u003e\n"],["\u003cp\u003eAccess the Rule Detections view by navigating to \u003cstrong\u003eRules & Detections\u003c/strong\u003e and selecting a rule name, then click the right arrow in the Detections column.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003cstrong\u003eProcedural Filtering\u003c/strong\u003e menu, accessed via an icon in the top right corner, allows users to filter detection data.\u003c/p\u003e\n"],["\u003cp\u003eAvailable filtering options in Rule Detections view include \u003ccode\u003eMETADATA.EVENT_TYPE\u003c/code\u003e, \u003ccode\u003eMETADATA.PRODUCT_NAME\u003c/code\u003e, and various network-related parameters like \u003ccode\u003eNETWORK.APPLICATION_PROTOCOL\u003c/code\u003e and DNS details.\u003c/p\u003e\n"],["\u003cp\u003eThe fields available for Procedural Filtering are determined by the specific events returned for a detection.\u003c/p\u003e\n"]]],[],null,["# Filter data in Rule Detections view\n===================================\n\nRule Detections view displays the metadata attached to the rule and a graph showing the number of detections found by the rule over recent days.\n\nTo access the Rule Detection view in Google Security Operations, complete the following steps:\n\n1. In the navigation bar under Detections, select **Rules \\& Detections** to display the Rules dashboard.\n\n2. Click a rule name. The Rule Detections view is displayed.\n\n3. Click the right arrow in the Detections column in the left navigation panel.\n\n4. Click the icon\n in the top right corner of the Google SecOps\n user interface to open the **Procedural Filtering** menu.\n\n The following Procedural Filtering options are displayed in the Rule Detection view (this list does not include all the filtering options):\n - METADATA.EVENT_TYPE\n - METADATA.PRODUCT_NAME\n - NETWORK.APPLICATION_PROTOCOL\n - NETWORK.DNS.QUESTIONS.CLASS\n - NETWORK.DNS.ANSWERS.DATA\n - NETWORK.DNS.ANSWERS.NAME\n - NETWORK.DNS.ANSWERS.TTL\n - NETWORK.DNS.ANSWERS.TYPE\n - NETWORK.DNS.QUESTIONS.CLASS\n - NETWORK.DNS.QUESTIONS.NAME\n - NETWORK.DNS.QUESTIONS.TYPE\n\n| **Note:** The fields available for Procedural Filtering are dependent on the events returned for this detection."]]
icon
in the top right corner of the Google SecOps
user interface to open the Procedural Filtering menu.