Has anyone been having issues with the "Test Rule Results" windows in rules editor not showing any detections but when you turn the rule on it generates alerts?
Page 1 / 1
I can't say that I have seen that. if you try a retro hunt do you get hits on it?
Yes Retrohunt does come up with the same results, but I was under the impression that the Test Rule window should function similar to retrohunt, but gets capped at 2 weeks past data
sorry, I was out on PTO. That is weird and I can't say that I have seen that behavior.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.