Aug 21 2023 09:42 AM
Hi,
I am attempting to create a custom detection rule.
The query logic works, and includes Timestamp and ReportId.
However when I click Create detection rule from the Advanced hunting view of my query, and attempt to fill in the Alert details form, I click the Select Category drop-down and no results appear. Being unable to select a Category is preventing me from creating any rules.
I have the Security Administrator role (as well as Global Administrator), and I have ensured a fresh sign-in.
I can reproduce the issue with MS Edge and Chrome (latest versions in both cases).
Where are the Categories selected from?; how do I get past this issue?
TIA