Is there anybody who knows how External Alert mapping rules work in case there is more than one of them?
Do you create an alert for every rule that was hit or is there some kind of precedence?
There is no mention in the documentation.
You're right, but what is not clear to me is when alerts are created when you have multiple rules.
- Are they evaluated from top to bottom like in the firewall, or are all of them evaluated at the same time?
- If they are evaluated at the same time (and based on filtering both of them are hit), are multiple alerts created?