Would it be possible to add the ability to 'Acknowledge' alerts in 'Group By' results? Currently, we can escalate from this view, but having the ability to acknowledge alerts would help clear a subsection of the total alerts that may be related to the same IP without having to select them from the events list individually. I think it would help teams work through their alerts more easily, by dismissing already investigated events by group and leaving unacknowledged events to be investigated. Keep up the awesome work! C2
Replies: 1 comment
One option might be to enable advanced interface features as shown here:
https://docs.securityonion.net/en/2.3/alerts.html#toggles
With that enabled, the Group Metrics section should retain the Acknowledge button.