Hi folks,
I created a correlation search that looks for administrators setting passwords to never expire, which then creates a notable event for incident review. I tried setting the severity to both "high" and "critical", but when the notable is created the urgency field shows up only as "informational".
When I tested the rule, I did it against accounts that show up as both "high" and "critical" priority in the Identity Investigator, data I enrich via Active Directory.
I checked the lookup table for urgency_lookup and it is as you would expect, nothing is different than the default that would make it calculate to informational. What may I be missing?
Thanks!
Hello @ravida, If you have already checked urgency_lookup along with severity and priority of the assets/identities - there is nothing much to check. Except
Hello, Just checking through if the issue was resolved or if you have any further questions?