Hi,
If I run "retrohunt" for a detection rule, will it delete existing alerts and cases from Chronicle SOAR and generate fresh detections on evaluating historical events, OR will it create duplicate and redundant alerts and cases?
Thanks !
Hello,
Retrohunt does not create or delete existing alerts and cases.
Retrohunt is used to analyze logs and potential alerts against a detection rule before enabling Live Detection. This allows for a thorough evaluation of the rule's effectiveness and helps ensure accurate alerting without impacting the current alert and case management workflow.
Thanks,
Suraj Kadav
Thanks, so just to confirm - if I then re-run retrohunt 3 times, will that generate 3 * X alerts (based on the number of historic events eligible for detection)?
Hello Swanand,
No. Retrohunt won't generate any alerts.