I have setup a few correlated events which currently are showing up in the incident review console as urgency (unknown) if you "Uncheck" all the Urgency levels. I have checked the searches and it has the correct input. I also setup it up so all three values eval to "high" (priority,severity,urgency) but it still only fires as high as a "medium" event. Does anyone know what could be causing these events now to show up as high. I have reviewed the articles about how urgency is assigned and the lookup table is fine it actually says it should be set to high but its still not doing it.
↧