Creating alerts manually
Creating alerts manually
You can create an alert manually from a set of events. You can use this functionality to examine a hypothetical incident that has not been detected automatically.
If the alert is created manually, playbooks will not launch automatically. You can launch a playbook for such an alert manually.
To create an alert manually:
- In the main menu, go to Monitoring & reporting → Threat hunting.
- Select the events for which you want to create an alert. The events should belong to the same tenant.
- Click the Create alert button.
A window shows up that displays the created alert. The Severity field value corresponds to the maximum severity among the selected events.
Manually created alerts have a blank Rules value in the Monitoring & reporting → Alerts table.
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.
