Detection rules manual run: cannot be scheduled earlier than 90 days ago

Hi,

Just came across the “Manual rule run cannot be scheduled earlier than 90 days ago” message for the first time. Is there a reason for this limitation and, more importantly, can I override it? Tried to find any kind of information here in the forums, on GitHub and just on the internet. I get that you might want to avoid spawning a crazy amount of 1 minute lookback runs by mistake, but even then it should be a warning rather than a full stop? And the start date shouldn’t be a factor at all, just the total time. If I want to run my rules against data from a specific week in 2022, that shouldn’t be a problem, right?

In my case I have a huge dataset that I use when testing new and modified rules, but I don’t want to ingest this data every 90 days just to be able to run rules against it.

Does anyone have tips or ideas on how this could be circumvented, or if there’s some other way to run detection rules further back in time?

Hey, unfortunately it’s not possible to override this limit.

I created an issue with the idea of introducing this limit as a config option.

Thanks @Nikita_Khristinin!