Version History

Overview

The version history for a GitHub OAuth access token compromise showing

Use Rule Version History to:

  • See past versions of a detection rule and understand the changes over time.
  • See who made the changes for improved collaboration.
  • Compare versions with diffs to analyze the modifications and impact of the changes.

See version history of a rule

To see the version history of a rule:

  1. Navigate to Detection Rules.
  2. Click on the rule you are interested in.
  3. In the rule editor, click Version History to see past changes.
  4. Click a specific version to see what changes were made.
  5. Click Open Version Comparison to see what changed between versions.
  6. Select the two versions you want to compare.
    • Data highlighted in red indicates data that was modified or removed.
    • Data highlighted in green indicates data that was added.
  7. Click Unified if you want to see the comparison in the same panel.

Further reading

Additional helpful documentation, links, and articles:

Create a custom ruleDOCUMENTATION more more