For the Alerts , Detection rules
Under Action when i am trying to output to an email
Why doesn't the variable {{context.rule.investigation_fields}} give me the values of the investigation fields, in the emails i just get the field names back example below
contxt.rule.investigation fields {"field_names":["@timestamp","event_data.TargetUserName","event.action","source.ip","winlog.computer_name"]}