Merge alert with assets

As someone new to InsightConnect, I want to create an automation that merges multiple rules when they are triggered and writes the assets to the first triggered rule. Where should I start to create a workflow that automatically follows and merges the rules?

Hello!

Could you provide more details on what you mean by “multiple rules”? Specifically, it would be helpful to know:

  1. Systems Involved:
  • What systems do you need to connect to in your workflow? For example:
    • SentinelOne
    • InsightIDR
    • Jira
  2. Initiating Event:
  • What would be the initiating event that triggers the workflow?

If you can provide those details, I’ll be able to give you a more detailed answer on how to begin.

Hi Darrick,

We are using InsightIDR. For example, it may say 10 malicious file hash detections. An alarm is triggered after the malicious hash value is first found, and then it also pops up on different hosts. I want to collect the host and user information of the other alarms that come within 30 minutes after the first detection into the first alarm. There is a couple-minute gap between each alert.
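The correlation the poster describes, collecting the hosts and users from alerts on the same file hash that arrive within 30 minutes of the first detection and attaching them to that first alert, written out as an added example. This is not code from the thread or from an InsightConnect/InsightIDR plugin; the alert field names (`id`, `time`, `hash`, `host`, `user`) and the sample alerts are constructed assumptions, and the window is measured from the first alert rather than sliding from the latest one, as the poster asked.

```python
from datetime import datetime, timedelta

# Constructed sample alerts, deliberately out of order to show that the
# merge sorts by time first. Field names are assumptions, not InsightIDR's.
SAMPLE_ALERTS = [
    {"id": "A4", "time": "2024-05-01T10:10:00", "hash": "H1", "host": "ws-04", "user": "alice"},
    {"id": "A1", "time": "2024-05-01T10:00:00", "hash": "H1", "host": "ws-01", "user": "alice"},
    {"id": "A3", "time": "2024-05-01T10:05:00", "hash": "H2", "host": "ws-03", "user": "carol"},
    {"id": "A2", "time": "2024-05-01T10:03:00", "hash": "H1", "host": "ws-02", "user": "bob"},
    {"id": "A5", "time": "2024-05-01T10:45:00", "hash": "H1", "host": "ws-05", "user": "dave"},
]


def merge_alerts(alerts, window_minutes=30):
    """Merge alerts that share a hash into the first alert seen for that hash.

    A window opens at the first detection of a hash. Every later alert for
    the same hash whose timestamp is within window_minutes of that first
    detection is folded into it (its id, host and user are collected).
    An alert that falls outside the window opens a new merged record, so a
    hash that reappears hours later becomes a separate incident.
    """
    window = timedelta(minutes=window_minutes)
    ordered = sorted(alerts, key=lambda a: datetime.fromisoformat(a["time"]))
    merged = []         # merged records, in order of first detection
    open_windows = {}   # hash -> index into merged of its currently open window

    for alert in ordered:
        seen_at = datetime.fromisoformat(alert["time"])
        idx = open_windows.get(alert["hash"])

        if idx is not None and seen_at - merged[idx]["first_seen"] <= window:
            # Inside the window: attach to the first alert, de-duplicating
            # hosts and users with sets.
            record = merged[idx]
            record["merged_ids"].append(alert["id"])
            record["hosts"].add(alert["host"])
            record["users"].add(alert["user"])
            continue

        # Outside any open window (or first sighting): start a new record.
        merged.append({
            "primary_id": alert["id"],
            "hash": alert["hash"],
            "first_seen": seen_at,
            "merged_ids": [],
            "hosts": {alert["host"]},
            "users": {alert["user"]},
        })
        open_windows[alert["hash"]] = len(merged) - 1

    return merged


if __name__ == "__main__":
    for rec in merge_alerts(SAMPLE_ALERTS):
        print(rec["primary_id"], rec["hash"], sorted(rec["hosts"]),
              sorted(rec["users"]), "merged:", rec["merged_ids"])
```

In a workflow this would sit behind the InsightIDR alert trigger: buffer the alerts seen so far, run the merge on each new one, and write the collected hosts and users back to the primary alert only when the window has closed, otherwise the first alert gets updated repeatedly as stragglers arrive.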