In some contexts you may want to filter our certain alerts from the related alerts module. For example, if the alert is about a specific IP, like a corporate egress IP it may lead to many matching alerts with limited value. Or in the case of #375 eDiscovery alerts may be frequent by a user whose job it is to do eDiscovery.
This feature will add an optional input to the related alerts module where it will allow for the insertion of custom KQL (primarily to input custom where statements)
In some contexts you may want to filter our certain alerts from the related alerts module. For example, if the alert is about a specific IP, like a corporate egress IP it may lead to many matching alerts with limited value. Or in the case of #375 eDiscovery alerts may be frequent by a user whose job it is to do eDiscovery.
This feature will add an optional input to the related alerts module where it will allow for the insertion of custom KQL (primarily to input custom where statements)