Watchlisted Event Observed

Description

Alerts when an event is discovered that includes text identified as important. This rule triggers whenever an event is discovered with the tag "watchlist".

Content Mapping

This content is not mapped to any local saved search.


Use Case

Other

Category

Other

Alert Volume

Alerts when an event is discovered that includes text identified as important. This rule triggers whenever an event is discovered with the tag "watchlist".

SPL Difficulty

Advanced

Journey

Stage 4

Data Sources

Any Splunk Logs