Actions & alerts - suppress + using to alert on security detections


Looking at the guide for Alerts & Actions there is mention of suppressing alerts -

However i just cannot seem to find this option.

Also i am trying to find a better way to manage the detection alerts, on prem i use elastalert, i need to migrate fully to the cloud, with elastalert i have the suppress capability as described above and ability to make alerts that will hit for multiple detection types vs action for each detection.

Wondering if anyone has used actions and alerts for alerting on detections? I was looking at the elasticsearch query.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.