From ServiceNow Support:
rtt32=9322 uct=0.000 uht=0.012 urt=0.012 us=401 rescode=401
ssl_cipher=ECDHE-RSA-AES128-GCM-SHA256 ssl_protocol=TLSv1.2 ua="ruxit
server" ssib=0 h=h1
SGO-Dynatrace (alert management rule) was modified to include a customised sub-flow, but the alerts/incidents continued to create after it was disabled . Querying whether it can just be disabled OR better still, identify the culprit ACL and add the dynatraceapi user to the ACL permissions?