Archiving a rule enables you to hide the security data related to that rule (and all of its versions) without actually deleting the rule. Much of the functionality available for active rules (for example, enabling a rule) is not available for archived rules.
Note the following:
Rules Dashboard does not display archived rules.
Test Rule can be used on archived rules.
Viewing rules
Complete the following steps to navigate to theView Rulespage:
In the navigation bar, clickDetection > Rules & Detections.
Select theRules Editortab to view the rules page.
Click the filter icon at the top-right corner of the left navigation
tab. The menu provides the following options:Show All,Active Rules, andArchived Rules.
Viewing rule detections
On theRules Editortab, selectView Rule Detectionsfrom the drop-down
list available on the top-right corner. TheRule Detectionspage appears.
Archiving a rule
To archive a rule, complete the following steps:
Select a rule in the left navigation and click the option icon in the top-
right corner of the Google Security Operations user interface. SelectArchive Rulefrom the
menu.
Note the following:
Archiving is allowed even if the Alerting toggle is ON, it is automatically disabled.
Archiving is NOT allowed unless the Live toggle is disabled.
Archiving is NOT allowed unless there are NO Retrohunts in progress.
The following window is displayed with a message confirmation.
Confirm Archive message
Confirm Archive message continued
Unarchiving a rule
To unarchive a rule, complete the following steps:
Click the option icon for a specific rule in the left navigation pane. A menu
appears with the following options:View Detections,Duplicate, andUnarchive.
SelectUnarchive.
Select a rule in the left navigation pane and click the option icon in the
top right corner of the Google SecOps user interface. A menu appears with
the following options:View Detections,Duplicate, andUnarchive.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eArchiving a rule hides its security data without deletion, and limits available functionality compared to active rules.\u003c/p\u003e\n"],["\u003cp\u003eArchived rules are not displayed on the Rules Dashboard, but the Test Rule function can still be used.\u003c/p\u003e\n"],["\u003cp\u003eTo view rules, navigate to Detection > Rules & Detections, select the Rules Editor tab, and filter by Show All, Active Rules, or Archived Rules.\u003c/p\u003e\n"],["\u003cp\u003eA rule can be archived by selecting the Archive Rule option within a specific rule's menu, and this action automatically disables alerting and is not allowed if the live toggle is on, or if there are retrohunts in progress.\u003c/p\u003e\n"],["\u003cp\u003eUnarchiving a rule can be done by selecting the Unarchive option in a rule's menu.\u003c/p\u003e\n"]]],[],null,["# Archive rules\n=============\n\nSupported in: \nGoogle secops [SIEM](/chronicle/docs/secops/google-secops-siem-toc)\n\nArchiving a rule enables you to hide the security data related to that rule (and all of its versions) without actually deleting the rule. Much of the functionality available for active rules (for example, enabling a rule) is not available for archived rules.\n\nNote the following:\n\n- Rules Dashboard does not display archived rules.\n- Test Rule can be used on archived rules.\n\nViewing rules\n-------------\n\nComplete the following steps to navigate to the **View Rules** page:\n\n1. In the navigation bar, click **Detection \\\u003e Rules \\& Detections**.\n2. Select the **Rules Editor** tab to view the rules page.\n3. Click the filter icon at the top-right corner of the left navigation tab. The menu provides the following options: **Show All** , **Active Rules** , and **Archived Rules**.\n\nViewing rule detections\n-----------------------\n\nOn the **Rules Editor** tab, select **View Rule Detections** from the drop-down\nlist available on the top-right corner. The **Rule Detections** page appears.\n\nArchiving a rule\n----------------\n\nTo archive a rule, complete the following steps:\n\n1. Select a rule in the left navigation and click the option icon in the top-\n right corner of the Google Security Operations user interface. Select **Archive Rule** from the\n menu.\n\n Note the following:\n - Archiving is allowed even if the Alerting toggle is ON, it is automatically disabled.\n - Archiving is NOT allowed unless the Live toggle is disabled.\n - Archiving is NOT allowed unless there are NO Retrohunts in progress.\n2. The following window is displayed with a message confirmation.\n\n\n **Confirm Archive message**\n\n\n **Confirm Archive message continued**\n\nUnarchiving a rule\n------------------\n\nTo unarchive a rule, complete the following steps:\n\n1. Click the option icon for a specific rule in the left navigation pane. A menu\n appears with the following options: **View Detections** , **Duplicate** , and **Unarchive**.\n\n2. Select **Unarchive**.\n\n3. Select a rule in the left navigation pane and click the option icon in the\n top right corner of the Google SecOps user interface. A menu appears with\n the following options: **View Detections** , **Duplicate** , and **Unarchive**.\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
Confirm Archive message
Confirm Archive message continued