Hi,
If I run "retrohunt" for a detection rule, will it delete existing alerts and cases from chronicle SOAR and generate the fresh detections on evaluating historical events OR it will create duplication and rednundant alerts and cases ?
Thanks !
Will "retrohunt" remove existing alerts / cases that were created from previous detections
+2
- Silver 2
Hello,
Retrohunt does not create or delete existing alerts and cases.
Retrohunt is used to analyze logs and potential alerts against a detection rule before enabling Live Detection. This allows for a thorough evaluation of the rule's effectiveness and helps ensure accurate alerting without impacting the current alert and case management workflow.
Thanks,
Suraj Kadav
+2Thanks, so just to confirm - if I then re-run retrohunt - 3 times, that will generate 3 * X alerts (based on number of historic events eligible for detection?)
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.