A policy that specifies a different Severity level based upon the number of incident matches may generate an Endpoint incident with an incorrect Severity level.
For example, a policy is created with the following Severity settings:
Default Severity = Info.
Severity = High, if (# of matches) >= 20.
Severity = Medium, if 10 < (# of matches) < 20.
Severity = Low, if (# of matches) <= 10.
The resulting incidents do not contain Severity levels that match the Severity settings.
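One way to find affected incidents is to recompute the expected Severity from each incident's match count and compare it with the Severity the incident carries. The script below is an added example, not code from this article or from the product; the CSV layout, column names and sample rows are constructed assumptions, not a real export format.

```python
import csv
import io

# Severity settings from the example policy above, checked in order.
DEFAULT_SEVERITY = "Info"
RULES = [
    ("High", lambda n: n >= 20),
    ("Medium", lambda n: 10 < n < 20),
    ("Low", lambda n: n <= 10),
]

def expected_severity(match_count):
    """Return the Severity the policy settings assign to a match count."""
    for level, applies in RULES:
        if applies(match_count):
            return level
    # For whole-number counts the three rules cover every value, so under
    # these settings the default is never reached.
    return DEFAULT_SEVERITY

# Constructed sample data; the column names are assumptions for illustration.
SAMPLE_EXPORT = """incident_id,match_count,severity
1001,25,High
1002,15,Info
1003,10,Medium
1004,3,Low
1005,20,Medium
"""

def find_mismatches(export_text):
    """List incidents whose recorded Severity disagrees with the policy."""
    mismatches = []
    for row in csv.DictReader(io.StringIO(export_text)):
        count = int(row["match_count"])
        want = expected_severity(count)
        got = row["severity"].strip()
        if got.lower() != want.lower():
            mismatches.append((row["incident_id"], count, got, want))
    return mismatches

if __name__ == "__main__":
    for incident_id, count, got, want in find_mismatches(SAMPLE_EXPORT):
        print(f"incident {incident_id}: {count} matches, "
              f"reported {got}, expected {want}")
```

Incidents flagged this way need their Severity reviewed manually before any triage or reporting that filters on Severity.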
Imported Document ID: TECH221180