Abstract
Learn more about the notifications that are relevant for Cortex XSIAM Data Model Rules.
To help you monitor effectively your Data Model Rules, Cortex XSIAM sends notifications to your Cortex XSIAM console Notification Center.
Cortex XSIAM sends the following notification:
Invalid Data Model Rules—Notifies when a Data Model Rule is invalid and will be excluded from 'datamodel' queries.
To ensure you and your colleagues stay informed about Data Model Rules activity, you can also Configure Notification Forwarding to forward your Data Model Rules logs to an email distribution list or Syslog server. For more information about the Data Model Rules audit logs, see Monitor Data Model Rules Activity.