Mar 31 2019 06:42 AM
I have a handful of rules that I've created with the intention of creating cases. I know that they're firing because I get email notifications. However, I'm not seeing cases generated, nor is the alert counter incrementing in the Overview dashboard, or anywhere else for that matter.
My intention is to write a bulletproof procedure for creating a test alert. Has anybody out there already written one? I'm not sure if the query is where I'm going wrong, if I'm getting the alert configuration wrong or if I've stumbled upon a bug... or if there's something I've overlooked.
Apr 01 2019 09:14 AM - edited Apr 01 2019 09:18 AM
@Ofer_Shezaf: Perhaps this may be related to the previous topic of "Default Sentinel Overview dashboard widgets indicate no data. Where is the query for the map".
Apr 03 2019 11:43 AM
@Valon_Kolica This seems to be completely different. Maybe an example of an email notification where the alert is failing to create a case would work. I have hundreds of them. Here's one:
Here are the alert configs...
@Valon_Kolica and @Ofer_Shezaf, I'm pretty sure user error is at issue here. (Just a hunch.) What am I doing wrong? I'd be grateful for your advice.
Peter