Monday
I'm trying to create an alert for an email DLP Event where I want to alert when a rule is matched and then the email is allowed vs blocked.
The issue I'm facing is that I don't know how to alert when the events that I want to alert on (was a rule matched and was it allowed) are recorded across different log events.
For example:
Event 1 - Email rule matched
Event 2 - Email action allows
Each of these events occurs across different log entries when in the investigate module, but I don't know how to create an alert that traverses these multiple events.