We setup a custom detection in InsightIDR and we configured it to send email notifications when triggered. We received the first one and it says “The log line that triggered this alert is not included because the person who created the alert opted out of it. To see that information, contact the creator of the alert.”
How do we opt-in to include the log details in the notification? I don’t see any setting that seems to apply to this in the detection rule.
This one is a little hidden, you need to Navigate to Detection Rules → Basic Custom Detection Rules → Labels &
Notifications
Notification Targets → Find the Target in question, hit the Edit Pencil
Then change the log context to Send Only Log line and save
Log context here refers to other logs that happened before the log in question, which is usually only relevant in some particular scenarios.
David
Thanks for your response. That helped me change the setting.