To create a new rule will head into Automation > D&R for the endpoint. !Image Description

To find a previously created rule to match LaZagne, let’s search for the tactic designated by MITRE to narrow down our results. Since we will edit the rule to our needs, will select the first option. !Image Description

Then follow the github link where the rule definition is. !Image Description

Copy Raw file. !Image Description