When looking at alerts, if you have many of the same alert that you want to acknowledge, is there a way to bulk acknowledge them? It's not a big deal if it's only 2 or 3, but if you have hundreds, clicking on that acknowledge button over and over gets tedious really quickly.
Replies: 1 comment
Are you in the Ungrouped view perhaps? The default view in Alerts should group by rule name, so if you have hundreds or thousands of the same alert, it should just be one row with the total number in the Count column. You should then be able to acknowledge all of those at one time. For more information, please see https://docs.securityonion.net/en/2.3/alerts.html.