Understanding the UTMStack Correlation Engine #752
Initial Alert Triggering: However, in my experience, I've noticed that the alerting behavior changes after the initial trigger. Specifically, the engine only creates alerts the first one or two times a rule is triggered for the same use case. Subsequent triggers do not generate new alerts in the threat management system. So, how does it actually work?
Hi, @jayapradhainfysec, the correlation engine works as you're saying. The rules aren't triggered for the same use case, such as: host, user, IP. When the engine processes a use case more than once within 24h, the logs get grouped into the same rule.
Best regards
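The grouping behaviour described in the reply, modelled as an added example; this is not UTMStack's own code and its schema, the rule name `multiple-failed-logins`, and the five input events are all constructed for illustration. The use-case key is the rule plus the host, user and IP fields the reply names, and the 24h window is assumed to start when the alert is created (a sliding window from the last match is the other plausible reading):

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Event is a constructed, simplified log record. The field names are an
// assumption for this example, not UTMStack's real log schema.
type Event struct {
	Timestamp time.Time
	Host      string
	User      string
	IP        string
}

// Alert is one alert as the threat management system would receive it
// (shape assumed for this example).
type Alert struct {
	Rule    string
	Key     string
	First   time.Time // when the alert was created
	Last    time.Time // most recent log grouped into it
	Matches int       // how many logs the rule matched for this use case
}

// Correlator groups repeated matches of the same rule for the same use case
// (host, user, ip) within Window into one alert instead of raising a new one.
type Correlator struct {
	Window time.Duration
	open   map[string]*Alert // most recent alert per use-case key
	Alerts []*Alert          // every alert created, in order
}

func NewCorrelator(window time.Duration) *Correlator {
	return &Correlator{Window: window, open: make(map[string]*Alert)}
}

// useCaseKey identifies the use case: the rule plus the entity fields the
// reply lists. Two logs with the same key belong to the same use case.
func useCaseKey(rule string, e Event) string {
	return strings.Join([]string{rule, e.Host, e.User, e.IP}, "|")
}

// Process feeds one rule match. It returns true when a new alert was created
// and false when the log was grouped into an existing alert. The window is
// measured from the alert's creation time (an assumption; a sliding window
// from the last match would keep grouping for as long as matches keep coming).
func (c *Correlator) Process(rule string, e Event) bool {
	k := useCaseKey(rule, e)
	if a, ok := c.open[k]; ok && e.Timestamp.Sub(a.First) < c.Window {
		a.Last = e.Timestamp
		a.Matches++
		return false
	}
	a := &Alert{Rule: rule, Key: k, First: e.Timestamp, Last: e.Timestamp, Matches: 1}
	c.open[k] = a
	c.Alerts = append(c.Alerts, a)
	return true
}

// SampleRun replays constructed events through a 24h correlator and returns
// the correlator plus, per event, whether it produced a new alert.
func SampleRun() (*Correlator, []bool) {
	base := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	events := []Event{
		{base, "host-a", "alice", "10.0.0.5"},                    // first match: new alert
		{base.Add(1 * time.Hour), "host-a", "alice", "10.0.0.5"},  // same use case: grouped
		{base.Add(5 * time.Hour), "host-a", "alice", "10.0.0.5"},  // grouped again
		{base.Add(6 * time.Hour), "host-a", "alice", "10.0.0.9"},  // different ip: new alert
		{base.Add(25 * time.Hour), "host-a", "alice", "10.0.0.5"}, // window expired: new alert
	}
	c := NewCorrelator(24 * time.Hour)
	created := make([]bool, 0, len(events))
	for _, e := range events {
		created = append(created, c.Process("multiple-failed-logins", e))
	}
	return c, created
}

func main() {
	c, created := SampleRun()
	fmt.Println("new-alert flags per event:", created)
	for i, a := range c.Alerts {
		fmt.Printf("alert %d key=%s matches=%d first=%s last=%s\n",
			i+1, a.Key, a.Matches, a.First.Format(time.RFC3339), a.Last.Format(time.RFC3339))
	}
}
```

The practical consequence for detection is that after the first alert, repeated hits for the same host/user/IP are only visible as a growing match count and a later "last seen" time on the existing alert, not as new alerts; any escalation logic built on the alert feed has to look at that count rather than at the number of alerts.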