Set the run frequency

Rule run frequency impacts the latency with which detections are discovered for each rule. Longer run frequencies increase the amount of time between when an event occurs and when a detection is processed for that event. For details, see Detection latencies.

To specify the run frequency for a rule, complete the following steps:

1. Navigate to the Rules Dashboard.

2. Open the rule options menu.

3. Click Run frequency.

4. Choose one of the Run frequency values.

   • 10 min: Choose this frequency if you want your detections as soon as possible.
   • 1 hr: Detections begin to process after 1-2 hours, after which they are subject to normal detection latency.
   • 24 hrs: Detections will begin to process after 24 hours, after which they are subject to normal detection latency.

   Rules with a match section with a window size greater than one hour are limited to the 1 hr and 24 hrs run frequencies.