Custom Detection Details

We set up a custom detection in InsightIDR and we configured it to send email notifications when triggered. We received the first one and it says “The log line that triggered this alert is not included because the person who created the alert opted out of it. To see that information, contact the creator of the alert.”

How do we opt-in to include the log details in the notification? I don’t see any setting that seems to apply to this in the detection rule.

This one is a little hidden. You need to navigate to Detection Rules → Basic Custom Detection Rules → Labels & Notifications

Notification Targets → Find the Target in question, hit the Edit Pencil

Then change the log context to Send Only Log line and save

Log context here refers to other logs that happened before the log in question, which is usually only relevant in some particular scenarios.

David

Thanks for your response. That helped me change the setting.