Event Type Missing Workflows

Hello - we’ve been migrating legacy rules when we can, but we’ve been having some issues with some of the event types not being available to create workflows with. A lot of the User Behavior ones have event types like asset authentication and AD Admin Activity - and I’m not seeing any of those options when choosing a trigger. Maybe I’m blind, or it’s not possible yet - figured I’d ask and perhaps see if there’s an alternative.

I asked a very similar question in “Discuss” just yesterday :-). Glad you asked as well.

. . . no replies to your question or mine so I am opening a support case.

Hi @bdroege you would select IDR Detection Rule, and then Asset Auth as the type and then within the ruleset you should be able to find the rules

However I see there is no trigger currently for AD Admin activity, we will need to address this with Engineering

David

That must be new - I could’ve sworn I checked everywhere! :sweat_smile:

Thank you - this does answer my question, and thing you for touching on the AD Admin activity and talking on that.