I am trying to create a security incident when phishing email arrives. I went through few docs, that says- Security incident was created automatically, when a record was created in 'Security Incident phishing email' table based on these flows(Transform Phishing Email to Security Incident V1, Transform Phishing Email to Security Incident V1.1). kindly help me to create a record on 'sn_si_phishing_email' table?
'sn_si_phishing_email' records are created from Email(sys_email) records based on the 'Ingestion Rules'(sn_sec_cmn_email_action) defined. They can be found under the module, All --> Security Operations --> Email Processing --> Ingestion Rules - User Reported Phising.
Security incident was created with category as 'Phishing', why playbook was not attached to it even though, I enable 'Security Operation Spoke' and activated all the flow designers, kindly suggest on the same.
