Create a Splunk Rule

Use the following procedure to create a rule containing the splunk alert service:

Procedure

Step 1	In the Security Cloud Control platform menu, choose Products > Multicloud Defense .
Step 2	Navigate to System and Accounts > Service Alerts > Alert Rules.
Step 3	Click Create.
Step 4	Profile Name - Enter unique name for the integration. Example `mcd-mssentinel-alert-rule`.
Step 5	(Optional)Description - Enter a description for the aler trule.
Step 6	Alert Profile - Expand the drop-down menu and select a Microsoft Teams alert profile.
Step 7	Type - Expand the drop-down menu and select one of the following types: System Logs Audit Logs Discovery If you select Audit Logs, there are no other configurable items. Click Save to finalize the rule.
Step 8	If you select either System Logs or Discovery as your Type, then expand the Sub Type drp-down menu and select one of the following options: Gateway Account Controller
Step 9	Expand the Severitydrop-down menu and select one of the following labels. Note that the options below are dependent on the Type you selected in step 7. Info Warning Medium High Critical
Step 10	Enabled - This option is checked by default to enable and implement this alert immediately after saving. Unceck this box if you do not to immediately apply the rule to your environment.
Step 11	Click Save.