Great content. I followed it step wise for MFA related Incidents. It failed me on 3rd step with error : ExpressionEvaluationFailed. The execution of template action 'For_each' failed: the result of the evaluation of 'foreach' expression '@triggerBody()?['object']?['properties']?['Alerts']' is of type 'Null'. The result must be a valid array. Am I missing something here?
Do Soc analyst L1 will do this in office!
Not sure, Its Depends Usually L2 and L3. Thanks!
what is authpriv? failed login attempts in authpriv, Is it like a table of logs?
unix.stackexchange.com/questions/59525/difference-between-authpriv-and-auth
Are data connector , , analytic rule playbook are interconnected?
Yes, In a way.
Great content. I followed it step wise for MFA related Incidents. It failed me on 3rd step with error :
ExpressionEvaluationFailed. The execution of template action 'For_each' failed: the result of the evaluation of 'foreach' expression '@triggerBody()?['object']?['properties']?['Alerts']' is of type 'Null'. The result must be a valid array. Am I missing something here?