Baselining Best Practices
This section assumes, that you have read the chapter basic-concepts/index:basic concepts.
All incoming logs, that do not match an existing case, will show up in the Baselining section. From here you can create cases and define your baseline, meaning every event showing in the baseline is in theory something unknown/new.
view case-creation1 case-creation2