Issue
Despite running the same RCCAR command to generate test threats for the same endpoint or account, separate threats for the tests are being published in the Red Canary Portal.
Environment
Red Canary Portal
Resolution
Threat publication is working as designed for RCCAR. Any threats for completed tests can be resolved after your review is complete. For more information on performing tests with RCCAR, see Generating Test Threats in Red Canary.
Cause
Red Canary will not append subsequent activity or commands related to RCCAR tests to open or existing test threats. Each test will publish a new threat to the Red Canary Portal.
Comments
0 comments
Please sign in to leave a comment.