Hello,
I have alerting ON for rules, for custom ones alerting = “true” in the meta of the rule but none of the alerts are creating cases. Could there be an issue with either the connector or the instance. Any help would be appreciated.
Thanks
Question
unable to create cases
+1
+10Sounds like it could be an issue with the connector. Have cases been created in the past or is this a new instance?
+1This is a relatively new instance. (also, not much looked at)
- Silver 2
Hello @saru_26
Please check below things:
-
Rule Testing & Detections:
First, confirm that your rule is generating detections. Try running the rule manually or validating it with test data. If detections are showing up during testing, that’s a good sign. -
Alerts Visibility:
After enabling the rule and turning ON alerting, check whether the alerts are actually appearing under the Alerts & IOCs section. -
Connector Configuration:
If alerts are being generated but no cases are being created, it's likely an issue with the connector. Please verify:-
The connector is turned ON.
-
A Run Frequency is set.
-
The Service Account field is properly configured for your instance.
-
Any misconfiguration in the connector can prevent case creation, even if alerts are generated.
Hope this helps! Let me know how it goes or if you need help checking anything specific.
+10The connector also has test functionality. If you run it and share the output, we can take a look and see if there’s any errors.
-mike
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.