Replies: 1 comment
-
Unfortunately, there's no bulk escalation in the interface -- could you expand on this a little bit? Are you escalating all of the alerts for a single rule and source IP to the same case, or all the alerts for a given source IP independent of the alerting rule? Just trying to understand the workflow.
-
Dear Team,
Is there a way to group multiple alert events under the same case without doing it manually one by one?
I have an alert rule with 1,000 events, but when I group them by source IP, I find that these 1,000 events are distributed across just five source IPs.
For example, I want to send all alerts for each source IP to a separate case. When I open a case, I would like to see all the events and be able to drill down on them directly from the case, just like I can on the alerts page. However, if I escalate the alert, it doesn’t include the events within the alerts. I would have to drill down into each alert and escalate the events individually to see them in the case.
Additionally, when I escalate the alert based on the group-by field, I can only see the source IP and the count of IPs. The only option I’ve found is to drill down into each alert and escalate the events one by one. Is there a way to bulk-send the events to the case?