There is a gatekeeper process in place for rule tuning to justify any additional filter I have to know why such events are being created. At the moment I am not clear why so many benign events are creating alerts when other benign registration events are not.
lonpm2
3
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Microsoft 365 User Agent Field | 1 | 529 | November 4, 2022 | |
| Elastic Alerts | 3 | 434 | June 17, 2022 | |
| Elastic Detection Rules | 1 | 243 | February 11, 2024 | |
| User Agent Device Name | 4 | 937 | May 30, 2019 | |
| The response action does not work | 8 | 74 | April 24, 2026 |