Is it possible to create alerts based on detection rules that have failed for any reason? Ideally, it would fire into the detection queue.
I don't see any way that could work with the current set of "Rule Types" for detections. And if rules are failing, then that means you need to scale up to a setup that can handle the number of detection rules you have enabled, or you can just enable a set of detections that will meet your environment.