Creating alerts manually

You can create an alert manually from a set of events. You can use this functionality to examine a hypothetical incident that has not been detected automatically.

If the alert is created manually, playbooks will not launch automatically. You can launch a playbook for such an alert manually.

To create an alert manually:

1. In the main menu, go to Monitoring & reporting → Threat hunting.
2. Select the events for which you want to create an alert. The events should belong to the same tenant.
3. Click the Create alert button.

   A window shows up that displays the created alert. The Severity field value corresponds to the maximum severity among the selected events.

Manually created alerts have a blank Rules value in the Monitoring & reporting → Alerts table.