QUESTION

Can I return a detection triggering event in the alert_context function?

ANSWER

Yes. A detection (rule) or policy can return the triggering event from its alert_context function; this is demonstrated in our sample rule templates on GitHub.

When creating a detection, keep in mind that each alert destination may have its own character limit for the alert context it receives. For example, Slack has a character limit of 1800.
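The following is an added example, not code from the page or its rule templates, showing a rule whose alert_context returns the triggering event and trims it to the 1800-character Slack limit quoted above. It assumes a Panther-style rule interface in which rule(event) returns a bool and alert_context(event) returns a dict; the sample event, the detection logic and the helper names are constructed for illustration.

```python
import json

# Destination limit quoted in the answer above (Slack: 1800 characters).
SLACK_CHAR_LIMIT = 1800

# Constructed sample CloudTrail-style event; not a real log record.
SAMPLE_EVENT = {
    "eventName": "ConsoleLogin",
    "userIdentity": {"type": "IAMUser", "userName": "alice"},
    "sourceIPAddress": "203.0.113.10",
    "additionalEventData": {"MFAUsed": "No"},
    "userAgent": "Mozilla/5.0 " + "x" * 3000,  # oversized field to force truncation
}


def rule(event) -> bool:
    # Assumed rule signature: fire on a console login performed without MFA.
    return (
        event.get("eventName") == "ConsoleLogin"
        and event.get("additionalEventData", {}).get("MFAUsed") == "No"
    )


def context_size(context: dict) -> int:
    # Size of the context as the destination will receive it (JSON text).
    return len(json.dumps(context, default=str))


def fit_to_limit(context: dict, limit: int) -> dict:
    """Drop the largest top-level fields until the JSON-encoded context fits in
    `limit` characters; dropped field names are recorded under
    `_truncated_fields` so the analyst can see what was cut."""
    trimmed = dict(context)
    dropped = []
    while context_size(trimmed) > limit:
        candidates = [k for k in trimmed if k != "_truncated_fields"]
        if not candidates:
            break  # nothing left to drop
        # Largest serialized value goes first; the key name breaks ties deterministically.
        biggest = max(candidates, key=lambda k: (len(json.dumps(trimmed[k], default=str)), k))
        del trimmed[biggest]
        dropped.append(biggest)
        trimmed["_truncated_fields"] = dropped
    return trimmed


def alert_context(event) -> dict:
    # Assumed alert_context signature: return the triggering event itself,
    # trimmed so the serialized context stays within the destination limit.
    return fit_to_limit(dict(event), SLACK_CHAR_LIMIT)
```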