Data Source rules are rules specific to a data source type. There are three primary types that will typically generate a lot of data source rules, these are "auto Learned" for the SIEM.
For windows event log's they will get parsed and added as data source rules. E.G. If you have a custom service creating events in the security event log, and you are gathering the security event log.
Then Vulnerability data sources (Rapid7, Nessus, etc) will generate datasource rules from the scan results data.
Then lastly you will have data source rules auto generated by data sources that are syslog sources where you specified in the data source definition option "Support Generic Syslogs-Process as generic syslog" this typically bombs out the data source rules if you leave this option on. As it will instantiate a DS rule per line of syslog. Only use the "parse as generic syslog" TEMPORARILY. Then write a regex ASP parser rule and, ensure to enable that new ASP rule in the Policy you have associated with the "parse as generic syslog" data source, and then set that data source to "Support Generic Syslogs-Do nothing" then roll out policy.