Assign SIEM Signals to a user #76627
Labels
8.11 candidate
enhancement
New value added to drive a business result
Feature:Detection Alerts
Security Solution Detection Alerts Feature
needs design
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:SIEM
Theme: TBD
Describe the feature:
When a User changes the status of a SIEM Signal from "open" to "in progress" or "closed", there should be information within the signal to show who did this. An option to filter Signals based on assigned users would also be great.
Describe a specific use case for the feature:
Multiple Analysts work on one SIEM and they start marking Signals as "in progress" - this can get messy depending on the amount of signals.
An analyst sets a signal marked as "in progress" and then forgets about it. It has now been open for 2 weeks+ and you are unable to tell who is at fault here. If such a feature existed, the Analyst could see what Signals are assigned to him.
Forum Thread where I made the same request for reference:
https://discuss.elastic.co/t/feature-request-alert-assignment-to-user/247095