Hello,
Can we set the "Sync alerts" option for new cases default to 'off' or disabled? Tried it and it doesn't make a lot of sense for me. Setting a case to "In Progress" does not seem to set the related timeline alerts to "In Progress"
This is a useless feature for our instance currently, so I'd love to stop disabling it very time I'm making a case..
Best regards,
Willem
Hi @willemdh,
Unfortunately, this is not possible at the moment. Could you please open a feature request add the Team:Threat Hunting label, and mentioned me (cnasikas) so I can discuss it with the team?
Setting a case to "In Progress" does not seem to set the related timeline alerts to "In Progress"
This option sync only alerts attached to a case. Not the alerts of the timeline attached to a case.
Guide to attach an alert to a case: Manage detection alerts | Elastic Security Solution [master] | Elastic
Best,
Christos
Created Set Sync Alerts to Disabled by Default · Issue #107696 · elastic/kibana · GitHub , but I cannot add the label Team:Threat Hunting
Thanks!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
