Resolved! Correlated Events Action
Hello,
How Palo Alto choose action for correlated events? For example we have several medium severity events with summary Host visited known malware URL. In some events action is alert and some events action is block-url.