Machine Learning rule does not trigger while

Hello,

I have created a machine learning job, selected this job in the corresponding machine learning rule in Security -> Rules -> Detection Rules, and added a notification to my e-mail as an action.
I have also set up a notification email on the machine learning job level.

However, I am not receiving any notifications from the ML rule. I am receiving notifications only from the job.
Have you got any idea why this happens?

Thank you in advance,
Vivian

Hi @Poukim0m,

There are multiple reasons why you don't receive notification emails. You need to make sure of the following:

  • Alerts are generated by the rule. Actions get triggered for alerts generated by the rule. If there are no alerts, no actions will be triggered.
  • There is a properly configured email connector. You can send a test email to make sure the credentials are correct and the connector works as expected.
  • An email action using the mentioned connector is added to the rule and the rule is saved, so you can see the added action on the rule details page.
  • The rule is not snoozed. Rule snoozing disables actions. While the rule is snoozed, actions won't be triggered for generated alerts.

Let me know if it didn't help.

Hi Maxim.

Thank you for your response.
I receive alerts from jobs, but at the same time alerts are not created by the corresponding rule.

Is there something more to check? Because it does not make sense.

Hello, just to let you know that after attending an Elastic workshop I was able to find the solution to this. I had to widen the lookback time of the detection rule.

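An added example, not part of the original thread: a small model of why a machine learning rule can stay silent while the job itself reports anomalies, and why widening the lookback resolves it. It assumes that anomaly records carry the start time of their bucket, become searchable only after the bucket closes plus some latency, and that each rule run searches the window from (run time - interval - lookback) to run time; the bucket span, latency and interval values are constructed.

```python
from datetime import datetime, timedelta

def rule_windows(first_run, runs, interval, lookback):
    """Yield (run_time, window_start) for each scheduled rule execution."""
    for i in range(runs):
        run = first_run + i * interval
        yield run, run - interval - lookback

def missed_anomalies(anomalies, first_run, runs, interval, lookback):
    """Return bucket start times of anomalies that no rule execution picks up.

    Each anomaly is (bucket_start, available_at): the record is timestamped
    with bucket_start but only becomes searchable at available_at.
    """
    missed = []
    for bucket_start, available_at in anomalies:
        seen = any(
            available_at <= run and start <= bucket_start <= run
            for run, start in rule_windows(first_run, runs, interval, lookback)
        )
        if not seen:
            missed.append(bucket_start)
    return missed

def make_anomalies(first_bucket, count, bucket_span, latency):
    """Constructed sample: one anomaly per bucket, written after bucket close + latency."""
    return [
        (first_bucket + i * bucket_span,
         first_bucket + (i + 1) * bucket_span + latency)
        for i in range(count)
    ]

# Constructed values for illustration only (assumptions, not taken from the thread).
T0 = datetime(2024, 1, 1, 0, 0)
BUCKET_SPAN = timedelta(minutes=15)   # assumed job bucket span
LATENCY = timedelta(minutes=2)        # assumed delay before results are searchable
INTERVAL = timedelta(minutes=5)       # assumed rule schedule
ANOMALIES = make_anomalies(T0, 4, BUCKET_SPAN, LATENCY)

def count_missed(lookback):
    """Number of sample anomalies the rule never sees with this lookback."""
    return len(missed_anomalies(ANOMALIES, T0, 24, INTERVAL, lookback))

if __name__ == "__main__":
    for minutes in (1, 10, 15):
        print(f"lookback={minutes}m missed={count_missed(timedelta(minutes=minutes))}")
```

In this model the rule misses every anomaly until the lookback covers the gap between the bucket start and the first rule run after the result is written, minus the rule interval.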