Does anyone have any insight into what the plan is for the triggers ‘SIEM Legacy Detection Rule’ and ‘SIEM Detection Rule’? Will the SIEM Legacy Detection Rule be going away in the near future? I find it a little frustrating that the SIEM Detection Rule does not get an investigation or alert RRN. I know I can add a few extra steps for time and search for open alerts/investigations, but that doesn’t help if I have multiple alerts/investigations coming in at the same time along with automated workflows to add comments to the investigations. I enjoy the SIEM Detection Rules because now I can get a little more granular with which detection rules I want to trigger off of. For example, I have a Legacy Detection Rule trigger workflow right now that, every time an inbox rule is created where all email goes to the deleted folder, has a SOC analyst use automate to reset all 365 sessions, reset the password and disable the inbox rule that was created. Ideally I would like to keep adding detection rules to this as R7 keeps adding them.
What’s everyone else doing?
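The detection the post triggers on (an inbox rule that unconditionally sends every incoming message to Deleted Items, a classic mailbox-persistence trick) can be checked directly against audit records before any workflow fires. The example below is added here and is not part of the original post or of any Rapid7 product; it assumes records shaped like Microsoft 365 unified audit log entries for Exchange mailbox operations, where `Operation` is `New-InboxRule` and `Parameters` is a list of `{"Name", "Value"}` pairs. The sample records are constructed for illustration. The rule is "discard action present and no narrowing condition present", which is what distinguishes a blanket discard rule from an ordinary filter.

```python
"""Flag newly created inbox rules that silently discard all incoming mail.

Added example, not code from the original forum post or from Rapid7.
Assumption: records resemble M365 unified audit log entries for mailbox
operations ("Operation", "UserId", "Parameters" as Name/Value pairs).
"""

# Constructed sample audit records (not real data).
SAMPLE_RECORDS = [
    {   # Blanket discard: delete everything, no condition -> should be flagged
        "Operation": "New-InboxRule",
        "UserId": "alice@example.com",
        "Parameters": [
            {"Name": "Name", "Value": "Cleanup"},
            {"Name": "DeleteMessage", "Value": "True"},
            {"Name": "MarkAsRead", "Value": "True"},
        ],
    },
    {   # Narrow filter: only mail from one sender goes to Deleted Items -> benign
        "Operation": "New-InboxRule",
        "UserId": "bob@example.com",
        "Parameters": [
            {"Name": "Name", "Value": "Newsletter"},
            {"Name": "From", "Value": "news@vendor.example"},
            {"Name": "MoveToFolder", "Value": "Deleted Items"},
        ],
    },
    {   # Blanket move, but to Archive rather than a discard folder -> benign here
        "Operation": "New-InboxRule",
        "UserId": "carol@example.com",
        "Parameters": [
            {"Name": "Name", "Value": "Archive all"},
            {"Name": "MoveToFolder", "Value": "Archive"},
        ],
    },
    {   # Different operation entirely -> ignored
        "Operation": "Set-Mailbox",
        "UserId": "dave@example.com",
        "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "x@example.net"}],
    },
]

# Parameters that narrow a rule to a subset of mail. If any is present the
# rule is not a blanket "all email" rule. (Names follow New-InboxRule cmdlet
# parameters; treat the list as an assumption and extend it for your tenant.)
CONDITION_PARAMS = {
    "From", "FromAddressContainsWords", "SentTo", "SubjectContainsWords",
    "SubjectOrBodyContainsWords", "BodyContainsWords", "HeaderContainsWords",
    "MyNameInToBox", "MyNameInCcBox", "ReceivedAfterDate", "ReceivedBeforeDate",
    "HasAttachment", "WithImportance", "WithSensitivity", "MessageTypeMatches",
}

# Folder names whose use as a MoveToFolder target counts as discarding.
DISCARD_FOLDERS = {"deleted items", "junk email", "rss feeds", "conversation history"}


def parse_parameters(record):
    """Flatten the Name/Value list into a dict for easy lookup."""
    return {p["Name"]: p["Value"] for p in record.get("Parameters", [])}


def is_blanket_discard_rule(record):
    """True when a newly created rule discards mail and carries no condition."""
    if record.get("Operation") != "New-InboxRule":
        return False
    params = parse_parameters(record)
    deletes = str(params.get("DeleteMessage", "")).strip().lower() == "true"
    target = str(params.get("MoveToFolder", "")).strip().lower()
    # MoveToFolder may be logged with a path prefix; match on the folder name.
    moves_to_discard = any(target.endswith(f) for f in DISCARD_FOLDERS)
    has_condition = any(name in params for name in CONDITION_PARAMS)
    return (deletes or moves_to_discard) and not has_condition


def find_blanket_discard_rules(records):
    """Return (user, rule name) for every record that matches the detection."""
    hits = []
    for record in records:
        if is_blanket_discard_rule(record):
            hits.append((record.get("UserId"), parse_parameters(record).get("Name")))
    return hits


if __name__ == "__main__":
    for user, rule in find_blanket_discard_rules(SAMPLE_RECORDS):
        print(f"ALERT: blanket discard inbox rule '{rule}' created by {user}")
```

The third sample (move everything to Archive) is deliberately left unflagged to show the boundary of this particular rule; a tenant that treats any unconditional move as suspicious can drop the `DISCARD_FOLDERS` check and flag on `MoveToFolder` alone.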