I have a rule with a match window of 4 hours and have the frequency of the rule set to 1 hour. I expect the rule to run hourly and match on the last 4 hours of data when creating a detection. Instead, I am only getting a detection every 4 hours. How should I set this up instead?
Page 1 / 1
Hi, a quick question ; Have you tried configuring the frequency to be 1 hour as well ? was there a reason for using a 4 hours frequency ?
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.