Generates a detection alert for each external alert written to the configured indices. Enabling this rule allows you to immediately begin investigating external alerts in the app.

Rule type: query

Rule indices:

Severity: medium

Risk score: 47

Runs every: 5m

Searches indices from: None (Date Math format, see also Additional look-back time)

Maximum alerts per execution: 10000

References: None

Tags:

Version: 102

Rule authors:

Rule license: Elastic License v2

event.kind:alert and not event.module:(endgame or endpoint or cloud_defend)