Hello team,

Is it possible to use UDM filters to filter the events that triggered a rule?
In QRadar, you can apply this type of filter to determine which event actually triggered the rule, and I'd like to know if SecOps has the same search mechanism, since we use this data to create a report.
Regards,
Renato Ferreira
