Has anyone been having issues with the "Test Rule Results" windows in rules editor not showing any detections but when you turn the rule on it generates alerts?
Test Rule Results
+1
+12- Silver 2
I can't say that I have seen that. if you try a retro hunt do you get hits on it?
+1Yes Retrohunt does come up with the same results, but I was under the impression that the Test Rule window should function similar to retrohunt, but gets capped at 2 weeks past data
+12- Silver 2
sorry, I was out on PTO. That is weird and I can't say that I have seen that behavior.
Login to the community
Login with SSO
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.