Company
Date Published
Author
Justin Massey, Jonathan Epstein
Word count
588
Language
English
Hacker News points
None

Summary

Datadog Cloud SIEM Security Rules let you define patterns that flag specific attacker activity and raise an alert whenever those patterns occur in your logs. The new value detection method learns the historical values of a chosen log attribute for specified entities (for example, users or hosts) in your environment and notifies you whenever an unfamiliar value appears in that attribute in their logs. Rather than matching a fixed pattern, a new value rule builds a per-entity baseline over a training window and treats any deviation from that baseline as suspicious. New value rules analyze users and entities over a chosen period of time and generate Security Signals for anomalies such as requests from a previously unseen country or IP address. The training window needs care: one that is too short produces noise from legitimate but infrequent values, while one that already contains attacker activity teaches the rule to treat that activity as normal. With a well-chosen training window, new value rules can surface unknown threats before they become serious incidents.
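The following is an added illustration of how a new value rule behaves; it is not Datadog's own detection code and does not use the Datadog API. It replays constructed sample logs in time order, learns a per-entity baseline of an attribute during each entity's training window, and emits a signal when a value outside that baseline appears afterwards. The attribute names (`usr.id`, `network.client.geoip.country.iso_code`, `network.client.ip`) follow Datadog's standard log attribute naming, but the log records and IP addresses are constructed for this example. Two simplifications are assumptions of this example rather than documented product behavior: the training window is measured from the first time each entity is seen, and a value that has already raised a signal is added to the baseline so repeats do not re-alert.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ENTITY = "usr.id"
COUNTRY = "network.client.geoip.country.iso_code"
CLIENT_IP = "network.client.ip"

# Constructed sample logs (not real traffic). alice has a week of normal
# activity, then a request from a country she has never used; bob first
# appears late, so he is still inside his training window at the end.
SAMPLE_LOGS = [
    {"ts": "2024-03-01T09:00:00", ENTITY: "alice", COUNTRY: "US", CLIENT_IP: "203.0.113.10"},
    {"ts": "2024-03-03T10:30:00", ENTITY: "alice", COUNTRY: "US", CLIENT_IP: "203.0.113.10"},
    {"ts": "2024-03-05T08:15:00", ENTITY: "alice", COUNTRY: "CA", CLIENT_IP: "198.51.100.7"},
    {"ts": "2024-03-09T09:05:00", ENTITY: "alice", COUNTRY: "US", CLIENT_IP: "203.0.113.10"},
    {"ts": "2024-03-09T11:00:00", ENTITY: "bob",   COUNTRY: "DE", CLIENT_IP: "198.51.100.22"},
    {"ts": "2024-03-10T02:40:00", ENTITY: "alice", COUNTRY: "RU", CLIENT_IP: "192.0.2.55"},
    {"ts": "2024-03-11T02:45:00", ENTITY: "alice", COUNTRY: "RU", CLIENT_IP: "192.0.2.55"},
    {"ts": "2024-03-12T07:00:00", ENTITY: "bob",   COUNTRY: "FR", CLIENT_IP: "198.51.100.23"},
]


def parse_ts(value):
    """Timestamps in the sample are ISO 8601 without a timezone."""
    return datetime.fromisoformat(value)


def detect_new_values(logs, entity_key, value_key, training_window):
    """Replay logs in time order and return Security-Signal-like dicts.

    For each entity, values seen within `training_window` of that entity's
    first log are learned silently (the baseline). After the window closes,
    any value of `value_key` not in the entity's baseline raises a signal.
    """
    ordered = sorted(logs, key=lambda log: parse_ts(log["ts"]))
    baseline = defaultdict(set)   # entity -> set of known values
    first_seen = {}               # entity -> timestamp of first log
    signals = []

    for log in ordered:
        entity = log.get(entity_key)
        value = log.get(value_key)
        if entity is None or value is None:
            continue  # attribute missing: nothing to learn or compare
        ts = parse_ts(log["ts"])
        first_seen.setdefault(entity, ts)

        if value in baseline[entity]:
            continue  # already part of this entity's normal behavior

        if ts - first_seen[entity] < training_window:
            baseline[entity].add(value)  # still learning this entity
            continue

        signals.append({
            "entity": entity,
            "attribute": value_key,
            "value": value,
            "ts": log["ts"],
            "baseline": sorted(baseline[entity]),
        })
        # Assumption of this example: a value that raised a signal becomes
        # known, so the same value does not alert again on every log.
        baseline[entity].add(value)

    return signals


def run_rule(training_days, attribute=COUNTRY):
    """Convenience wrapper: run the rule over the sample with a window in days."""
    return detect_new_values(SAMPLE_LOGS, ENTITY, attribute, timedelta(days=training_days))


if __name__ == "__main__":
    for days in (7, 2):
        print(f"training window = {days} days")
        for signal in run_rule(days):
            print(f"  {signal['ts']} {signal['entity']} new {signal['attribute']}="
                  f"{signal['value']} (baseline {signal['baseline']})")
```

With a seven-day window only alice's request from RU is flagged: her earlier CA request fell inside training and was learned, and bob is still training. Cutting the window to two days triples the signal count, because alice's CA visit and bob's FR visit now land after their short training periods; that is the noise a too-short window produces. Running the same rule on `CLIENT_IP` instead of the country code shows how the choice of attribute changes which anomalies surface.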