is there any way to have a mail alert sent for Threat Emulation Events with High Severity that were only detected, but not prevented?
In SmartEvent, there seems to be only an option to choose Severity.
I already looked at the 'Global Exclusions' filter. The description states, that it 'discards logs whose properties match the values in the filter fields. These logs will not participate in any event processing.' Since I don't want to exclude the prevented Threat Emulation incidents from my Smart Event correlations, and this page does not offer the option to exclude by action, this is no help.
Any suggestions or new insights are very welcome.