Hello All!
I'm currently in the process of going over our correlation rules and outputs. I've reached a point in Enterprise Security that when an alert is sent out on a triggered correlation rule it sends out the Incident Response steps. Is there a way to move the data that triggered the event to the top of the email that's sent out? I've provided a screenshot that shows the event data, which is at the end of the email, after the Incident Response steps, rather than at the top.
Thank you!
Oliver