Forum Discussion
Analytic rule does not tigger an incident in sentinel using watchlist
Hello. I have an issue with an analytic rule. This analytic read a watchlist to exclude some and show other users that remove other ones from specific groups. let watchlst_ =_GetWatchlist...
The gap between Rows in the output screenshot is larger than 7mins. So, unless you have data within that lookback period there wouldn't be an alert.
Have you increased the "lookup data from the last" field as a test to 1d or something?
Have you increased the "lookup data from the last" field as a test to 1d or something?
Hi Clive_Watson
Yes, actually I ran a sample test more than 7 minutes before I checked the Incidents blade.