
Working with correlation rules in Incident Management

Question asked by Craig Cameron-Weir on Sep 29, 2016
Latest reply on Sep 30, 2016 by Mark Karlstrand

I'm trying to work with the Incident Management module in 10.6, and I can't find documentation that properly explains its interaction with ESA alerts.

 

  1. Why do correlation rules refer to Severity as a numeric value as opposed to a string? (ESA severities are Low, Medium, High, and Critical).
  2. Where is the "Alert Rule ID" defined for an ESA alert?

 

Thanks
