Hello everyone,
I'd appreciate it if anyone could step in to help me with an unclarity that I have.
For use cases (anything in the Enterprise Security > content), I have found out that for the NEW correlation searches that will be created, I can use macros or eventtypes/tags in my correlation search to address all existing source types AND new source types that might be onboarded, to have all my use cases (CSs) up to date.
Could someone explain how this works with the content that comes by default with Enterprise Security? How do those out-of-the-box correlation searches (saved searches and all the others) know how to look into data from my source types if the source types aren't specified?
Thank you in advance to anyone that will take their time to make this clear to me.