Can anyone help me with rules for the below events on SEM
Simultaneous Logins
Malware Detection on systems – with the view to take action at a later point in time (remove system from the network).
New Application Installation on systems
Traffic by Destination Port
SEM Log storage
Server Status
Torrent Traffic .