Skip to main content
The CMS is ContraForce’s detection rule management engine. It provides a library of expert-authored detection rules that you can deploy across Sentinel environments without writing KQL.

Key Features

  • Expert-authored rule library organized by data source and MITRE ATT&CK mapping
  • Toggle-based activation — enable or disable rules with a click
  • CalVer versioning with auto-update capability
  • Multi-workspace deployment — push rules to multiple Sentinel workspaces
  • No KQL required for basic operations

Requirements

XDR + SIEM module deployed (CMS is not available with XDR-only)
Content Admin or Admin workspace role

Getting Started

  1. Navigate to the Content Management System from the main navigation
  2. Browse the rule library by data source or MITRE technique
  3. Toggle rules on to deploy them to your connected Sentinel workspace
  4. Monitor rule performance through incident correlation
For the full setup guide, see CMS Module Setup.