...
There are two different ways to start sending events and alerts with Devo DeepTrace:
New alert definition:
You can activate auto-investigation in DeepTrace when creating a new alert definition from the Data search tab. Once the table is open, click the alert icon to create a new alert definition and select Auto-investigate in DeepTrace.
...
Info |
---|
Auto-investigate in DeepTrace: DeepTrace does not allow grouping tables. When you click on Auto-investigate in DeepTrace, the auto-investigation query opens your query without grouping. Here you can also modify the query that is going to be investigated by DeepTrace. |
Data search:
You can select suspicious events and send them to DeepTrace for investigation by clicking on the Engine tool button → New → Investigate in DeepTrace. You can also drag the DeepTrace icon from the tools to the main bar.
...