How to add multiple events at the same time to a case without using the aggregate number from Hunt?

[Way2Fast74]

Version

2.4.40

Installation Method

Security Onion ISO image

Description

other (please provide detail below)

Installation Type

Distributed

Location

on-prem with Internet access

Hardware Specs

Exceeds minimum requirements

CPU

32

RAM

132GB

Storage for /

500GB

Storage for /nsm

30TB

Network Traffic Collection

other (please provide detail below)

Network Traffic Speeds

1Gbps to 10Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

Is there a document that you could point me towards that can show me how to send multiple events to a case at the same time or do I have to click on them one-by-one, or use the aggregate number and click on the aggregate number in the case when escalating?

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[InfosecGoon]

There's no multiple select - you have to click on them one by one. If you use the aggregate number, it won't escalate the event data, just the summary of it you see in the aggregate view.