Hi,
- I have a custom incident type
- I have a rule for this custom incident type
- I have set this incident category to escalation template
- I want to use automatic escalation that sends offenses with a description that contains the exact #Malware word.
- The Resilient application for QRadar escalates offenses manually correctly, but automatic escalation creates quite irrelevant incidents for Resilient.
I think that this is an issue with the QRadar app. Does the automatic escalation work with regular expressions? If yes, it does not work. I have tested so many expressions.
What is the right expression for containing an exact match here? Any help or documentation would be appreciated.
Best
------------------------------
Jasmine
------------------------------