Stellar Threat Intel rule does not trigger

I have the following field in my logs:

'severity'

This field has integer values from 0-7. I have created a threat rule as follows:

severity == 6

and given it a score of 50.

However, when the logs get enriched and indexed, the rule does not assign a score to the record. It does get identified as an alert because the is_alert field is true.