Open jupp0r opened 3 years ago
The alert from the readme.md page is something like this:
Message:
Suspicious authentication event detected! :fire: <https://your-link|Create Incident>
\```
Dec 17 text is is a code block. Add three backticks in front of your text
\```
Attachment:
- link to alert

Fields: host, clientip_location, ...

Reference: https://raw.githubusercontent.com/splunk/slack-alerts/main/screenshots/message_example.png
It would be great if you would supply the text that goes into the "Message" field to produce the nice alert you have in the Readme.md (together with a sample query it belongs to). Thanks!