Correlated Incident Detections

Configure the following event notification to notify administrators when correlated incidents have been detected.

Go to Detections > Notifications > Event Notifications.
The Event Notifications screen appears.
Click Advanced Threat Activity.
A list of events appears.
In the Event column, click Correlated incident detections.
The Correlated Incident Detections screen appears.
Specify the following notification settings.

Settings

Description

Attach logs in CSV format

Select to send event notification recipients a *.csv file containing log data about the detections.
Select recipients for the notification.
1. From the Available Users and Groups list, select contact groups or user accounts.
2. Click >.
  The selected contact groups or user accounts appear in the Selected Users and Groups list.

Settings	Description
Attach logs in CSV format	Select to send event notification recipients a *.csv file containing log data about the detections.

Enable one or more of the following notification methods.

Method	Description
Email message	To customize the email notification template, use supported token variables or modify the text in the Subject and Message fields. For more information, see Advanced Threat Activity Token Variables. Note: The %hostIP% and %group% token variables are not applicable in email notifications because data is aggregated from multiple hosts.

Method

Description

Email message

To customize the email notification template, use supported token variables or modify the text in the Subject and Message fields.

Note:

The %hostIP% and %group% token variables are not applicable in email notifications because data is aggregated from multiple hosts.