Home

Cases not being created when rules fire

%3CLINGO-SUB%20id%3D%22lingo-sub-391426%22%20slang%3D%22en-US%22%3ECases%20not%20being%20created%20when%20rules%20fire%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-391426%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20handful%20of%20rules%20that%20I've%20created%20with%20the%20intention%20of%20creating%20cases.%20I%20know%20that%20they're%20firing%20because%20I%20get%20email%20notifications.%20However%2C%20I'm%20not%20seeing%20cases%20generated%2C%20nor%20does%20alert%20counter%20incrementing%20in%20the%20Overview%20dashboard%2C%20or%20anywhere%20else%20for%20that%20matter.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20intention%20is%20to%20write%20a%20bullet%20proof%20procedure%20for%20creating%20a%20test%20alert.%20Has%20anybody%20out%20there%20already%20written%20one%3F%20I'm%20not%20sure%20if%20the%20query%20is%20where%20I'm%20going%20wrong%2C%20if%20I'm%20getting%20the%20alert%20configuration%20wrong%20or%20if%20I've%20stumbled%20upon%20a%20bug....or%20if%20there's%20something%20I've%20overlooked.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-394112%22%20slang%3D%22en-US%22%3ERe%3A%20Cases%20not%20being%20created%20when%20rules%20fire%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-394112%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F293935%22%20target%3D%22_blank%22%3E%40Valon_Kolica%3C%2FA%3EThis%20seems%20to%20be%20completely%20different.%20Maybe%20an%20example%20of%20an%20email%20notification%20where%20the%20alert%20is%20failing%20to%20create%20a%20case%20would%20work.%20I%20have%20hundreds%20of%20them.%20Here's%20one%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20751px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F101632iA9A96C07D4475D32%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Copy%20of%20NotificationSample11.png%22%20title%3D%22Copy%20of%20NotificationSample11.png%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20751px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F101631i6DBC8F6FBC883C72%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Copy%20of%20NotificationSample12.png%22%20title%3D%22Copy%20of%20NotificationSample12.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EHere%20are%20the%20alert%20configs...%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20792px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F101633i1255226F81A52D44%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22configs.png%22%20title%3D%22configs.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F293935%22%20target%3D%22_blank%22%3E%40Valon_Kolica%3C%2FA%3Eand%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F293879%22%20target%3D%22_blank%22%3E%40Ofer_Shezaf%3C%2FA%3E%20%2C%20I'm%20pretty%20sure%20user%20error%20is%20at%20issue%20here.%20(Just%20a%20hunch.)%20What%20am%20I%20doing%20wrong%3F%20I'd%20be%20grateful%20for%20your%20advice.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPeter%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-394075%22%20slang%3D%22en-US%22%3ERe%3A%20Cases%20not%20being%20created%20when%20rules%20fire%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-394075%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F293935%22%20target%3D%22_blank%22%3E%40Valon_Kolica%3C%2FA%3EThis%20seems%20to%20be%20completely%20different.%20Maybe%20an%20example%20of%20an%20email%20notification%20where%20the%20alert%20is%20failing%20to%20create%20a%20case%20would%20work.%20I%20have%20hundreds%20of%20them.%20Here's%20one%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20751px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F101632iA9A96C07D4475D32%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Copy%20of%20NotificationSample11.png%22%20title%3D%22Copy%20of%20NotificationSample11.png%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20751px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F101631i6DBC8F6FBC883C72%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Copy%20of%20NotificationSample12.png%22%20title%3D%22Copy%20of%20NotificationSample12.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EHere%20are%20the%20alert%20configs...%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20792px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F101633i1255226F81A52D44%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22configs.png%22%20title%3D%22configs.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F293935%22%20target%3D%22_blank%22%3E%40Valon_Kolica%3C%2FA%3Eand%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F293879%22%20target%3D%22_blank%22%3E%40Ofer_Shezaf%3C%2FA%3E%20%2C%20I'm%20pretty%20sure%20user%20error%20is%20at%20issue%20here.%20(Just%20a%20hunch.)%20What%20am%20I%20doing%20wrong%3F%20I'd%20be%20grateful%20for%20your%20advice.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPeter%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-391964%22%20slang%3D%22en-US%22%3ERe%3A%20Cases%20not%20being%20created%20when%20rules%20fire%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-391964%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F302813%22%20target%3D%22_blank%22%3E%40PeterSchawacker%3C%2FA%3E%3A%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20style%3D%22background-color%3A%20transparent%3B%20box-sizing%3A%20border-box%3B%20color%3A%20%230077d4%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoeui%26amp%3Bquot%3B%2C%26amp%3Bquot%3Blato%26amp%3Bquot%3B%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Carial%2Csans-serif%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20outline-color%3A%20invert%3B%20outline-style%3A%20none%3B%20outline-width%3A%200px%3B%20text-align%3A%20left%3B%20text-decoration%3A%20underline%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F293879%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3E%40Ofer_Shezaf%3C%2FA%3E%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23ffffff%3B%20color%3A%20%23333333%3B%20font-family%3A%20'SegoeUI'%2C'Lato'%2C'Helvetica%20Neue'%2CHelvetica%2CArial%2Csans-serif%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%3A%3C%2FSPAN%3E%20Perhaps%20this%20maybe%20related%20to%20the%20previous%20topic%20of%20%22Default%20Sentinel%20Overview%20dashboard%20widgets%20indicate%20no%20data.%20Where%20is%20the%20query%20for%20the%20map%22.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
PeterSchawacker
New Contributor

I have a handful of rules that I've created with the intention of creating cases. I know that they're firing because I get email notifications. However, I'm not seeing cases generated, nor does alert counter incrementing in the Overview dashboard, or anywhere else for that matter. 

 

My intention is to write a bullet proof procedure for creating a test alert. Has anybody out there already written one? I'm not sure if the query is where I'm going wrong, if I'm getting the alert configuration wrong or if I've stumbled upon a bug....or if there's something I've overlooked.

3 Replies

@PeterSchawacker

@Ofer_Shezaf: Perhaps this maybe related to the previous topic of "Default Sentinel Overview dashboard widgets indicate no data. Where is the query for the map".

 

@Valon_KolicaThis seems to be completely different. Maybe an example of an email notification where the alert is failing to create a case would work. I have hundreds of them. Here's one:

 

Copy of NotificationSample11.pngCopy of NotificationSample12.png

Here are the alert configs...

configs.png

@Valon_Kolicaand @Ofer_Shezaf , I'm pretty sure user error is at issue here. (Just a hunch.) What am I doing wrong? I'd be grateful for your advice. 

 

Peter

@Valon_KolicaThis seems to be completely different. Maybe an example of an email notification where the alert is failing to create a case would work. I have hundreds of them. Here's one:

 

Copy of NotificationSample11.pngCopy of NotificationSample12.png

Here are the alert configs...

configs.png

@Valon_Kolicaand @Ofer_Shezaf , I'm pretty sure user error is at issue here. (Just a hunch.) What am I doing wrong? I'd be grateful for your advice. 

 

Peter

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies