cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Question Regarading Analytic rules

smahrl
Copper Contributor

‎Jul 21 2020 04:48 AM

‎Jul 21 2020 04:48 AM

Question Regarading Analytic rules

Hello

 

I have following Problem, i created an analytic rule which simply queries a log source, 

usually this query rule does return multiple lines as a result.

 

Now i simply want to have one Incident (Incident id) for each of the results returned by the Query.

The Goal would that this Incident can be dispatched to different groups and investigated. 

Usually for of each line returned by the Analytic rule a different Team is responsible,

So, I want to have Separate incidents for that.

 

Could somebody explain me how to do so, I have meanwhile tried all the Possible settings in the Analytic Rule but so far did not found the right way to do so.

 

KR
Sebastian

844 Views
0 Likes
2 Replies
Reply
2 Replies
Gary Bushey

‎Jul 21 2020 05:04 AM

‎Jul 21 2020 05:04 AM

Re: Question Regarading Analytic rules

@smahrl This feature is in private preview and should be released soon

0 Likes
Reply
smahrl

‎Jul 21 2020 05:07 AM

‎Jul 21 2020 05:07 AM

Re: Question Regarading Analytic rules

@Gary Bushey thanks a lot for fast response :)

I thought i really missing something here.

Hopefully that feature we be soon released to public.

We do have very high demand on that.

 

KR
Sebastian

0 Likes
Reply