Why Can't we add value lists as condition in Correlation Rule Type & Threshold Rule Types even in 7.12? We can only add value lists in indicator match type rules. Why?
Hey @tushar.bansal!
Just to piggy back - for more info on why value lists are not supported for EQL and Threshold rules, see this comment . There is an existing enhancement request for adding this functionality. We always encourage users to go in and +1 or add to the conversation to help in prioritizing such requests.
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.