Hi,
I'm trying to configure a NEAT that would send one email / raise one SNOW incident for each episodes.
I tried a few different Action Rules:
Number of events in episode >= 1 --> this would send emails for every notable events instead of one for the episode, and will continue sending emails until the episode breaks
Number of events in episode == 1 --> this does not trigger emails, since the episodes would typically have 3-4 events
I have a different NEAP for a different type of alert where it would raise the incident correctly after the 3rd (same) event e.g. after 15 minutes at 5 mins search interval - by using: - Number of events in episode == 3
In this case though, the events are generated all at once, and there could be 1-8 events from different environments that I'm aggregating to one episode.
Regards
... View more