Hello, I am testing the Gold license and I thought it would be a good idea to send an E-Mail for every alert detected by the SIEM ("Alert" tab).
I generally found out how to do that. I created a connector, i.e. a Mail connector, and tested it.
Then I go to the rule and edit the action for the rule to use the connector. Then I edit the body, title etc. so it uses data from the rule.
Now I have 660 rules that would need to be updated. Is there a way to bulk-update the action or do I really have to manually edit each rule action?!
Also I would like to know if I can use the {{}} references to add information from the alerted event itself and not only from the static rule properties. E.g. "The alerted process was {{process.name.text}}".