I'm looking at the built-in out of box Create incidents based on <Microsoft security service> alerts rules.
When you click on the rule from the Analytics page you see the rule summary page (see attachment #1) there you'll see a field for "Exclude by alert name"
When you attempt to edit this same rule, there is no field for "Exclude by alert name" (see attachment #2)
Am I missing something?
View best response
Just saw this, thanks MS for adding it.