Hi all
How to run the detection rule manually,
I have some rule that have query time of about few hour each, and i want to have a quick test of the rule to make quick change.
Is there some curl or something to do that?
Thanks for your time
Hey there @lusynda, thanks for the enhancement request!
Currently it's not possible to run a rule manually, however here is the issue for tracking this feature. If you'd like to take a moment and comment with your use case that helps us prioritize these efforts.
In the meantime, the quickest/easiest way to get a preview (without exceptions), would be to save your query, and then load it in Timeline.
Save Query from KQL Bar
Save Query with Name + Filters
Open Timeline and Load Saved Query
Note: Updating a Rule to run on a saved query will result in that Rule querying for the latest version of that saved query each time it executes, so you may just want to back out of editing the Rule (instead of saving) if this is not your desired behavior.
Hope this helps! 