Review Comments

Author: shashank-elastic

rules/promotions/external_alerts.toml

@@ -10,6 +10,7 @@ description = """
 Generates a detection alert for each external alert written to the configured indices. Enabling this rule allows you to
 immediately begin investigating external alerts in the app.
 """
+from = "now-2m"
 index = [
     "apm-*-transaction*",
     "traces-apm*",
@@ -19,6 +20,7 @@ index = [
     "packetbeat-*",
     "winlogbeat-*",
 ]
+interval = "1m"
 language = "kuery"
 license = "Elastic License v2"
 max_signals = 1000