Forum Discussion
No Automated Investigation Triggered for High Severity Incident
Hi Community, I’ve noticed an issue where no Automated Investigation and Response (AIR) was invoked for a high-severity incident and alert on a device that belongs to a device group configured with ...
Hi, we still notice no AIR triggering for numerous alerts. For example, ' Suspicious command in RunMRU registry ' is solely detected, the device is up-and-running and still no AIR is invoked, although the device is part of a device group with FULL AIR.