From 8faeaf4d10bf776aad90b22670fc0b9ae6008f12 Mon Sep 17 00:00:00 2001 From: jasonmarsh93 Date: Mon, 6 Jan 2025 16:06:23 +0000 Subject: [PATCH 1/2] Update automation.md --- docs/cado/discovery-import/automation.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/cado/discovery-import/automation.md b/docs/cado/discovery-import/automation.md index 460c543b4..ee3451d26 100644 --- a/docs/cado/discovery-import/automation.md +++ b/docs/cado/discovery-import/automation.md @@ -66,3 +66,13 @@ You can manage detection rules in the **Rules** area (/detections/rules). This i ![Manage Rules](/img/detections-rules.png) +## How to manually perform an acquisition for GuardDuty alerts + +If an acquisition fails or you wish to retry importing a capture,, you can easily initiate one manually. + +Go to **Detections** > **Alert tab**, select the **GuardDuty alert**, and click **Actions** > **Triage** or **Full Acquisition** to begin the process. + +![Retry Logic](/img/retry-logic.png) + + + From fedaabbc4b9750f8c217e6284fc5457773688a1e Mon Sep 17 00:00:00 2001 From: jasonmarsh93 Date: Mon, 6 Jan 2025 16:10:54 +0000 Subject: [PATCH 2/2] Update automation.md --- docs/cado/discovery-import/automation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cado/discovery-import/automation.md b/docs/cado/discovery-import/automation.md index ee3451d26..b8d96976b 100644 --- a/docs/cado/discovery-import/automation.md +++ b/docs/cado/discovery-import/automation.md @@ -68,7 +68,7 @@ You can manage detection rules in the **Rules** area (/detections/rules). This i ## How to manually perform an acquisition for GuardDuty alerts -If an acquisition fails or you wish to retry importing a capture,, you can easily initiate one manually. +If an acquisition fails or you wish to retry importing a capture, you can easily initiate one manually. Go to **Detections** > **Alert tab**, select the **GuardDuty alert**, and click **Actions** > **Triage** or **Full Acquisition** to begin the process.