I have created a custom detection rule on my InsightIDR platform. Now, I want to trigger the workflow based on that custom detection rule and send that event log to the triggered workflow so that it can be further leveraged under the action part of the InsightConnect workflow.
Question:
Is it possible to send the event detected by the custom detection rule to the workflow for further action?
Findings:
I have verified that in the trigger section of the workflow, a user can select the defined custom detection rule. However, it does not show that it fetches the event log as part of that trigger.
Can someone please shed some light on how to achieve this?
Moreover, there is an InsightIDR Legacy Detection rule in the trigger section, which says that it will provide the event logs in a predefined format so that they can be leveraged further. I want to create a similar kind of thing, where some tweaks need to be added so that it can suffice for my use case.
Thanks in advance!