Assign current user to acknowledged alert / Elastic Security

Mike_S · May 25, 2023, 11:46am

Hi,

Is it possible to set the current user that has acknowledged an alert to a new field using the painless / runtime scripts to set a value? I've read over some documentation for it but can't figure out how to pull the user doing the actions when something is acknowledged.

Trying to fully move over to this and this will be a requirement for us.

Thanks,
Mike

system · June 22, 2023, 11:46am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Determine the user that acknowledged an Alert SIEM	6	470	January 18, 2024
Feature Request: Alert Assignment to user SIEM	2	439	September 30, 2020
Alert triage enhancement ideas SIEM	4	215	June 18, 2024
Identifying User Who Acknowledged Security Alerts Elastic Security	2	45	August 19, 2024
Watcher alert, ssh auth SIEM elastic-stack-alerting	2	633	August 28, 2019

Assign current user to acknowledged alert / Elastic Security

Related topics