Detection Alerts - Want To Only See that Alert

austinsonger · December 18, 2020, 7:01pm

When clicking on a detection alert it shows the list with a list of other detections during a timeframe is there a way we can make it so it only shows that specific alert and not a list of others.

Like make that timeframe like exactly the time that alert came in?

https://<Placeholder>.eastus2.azure.elastic-cloud.com:9243/app/security/detections/rules/id/94ce4952-f99c-4c58-ae1c-e886b5e1c6e1?sourcerer=(default:!())&timerange=(global:(linkTo:!(),timerange:(from:'2020-12-17T18:53:28.150Z',fromStr:now-24h,kind:relative,to:'2020-12-18T18:53:28.150Z',toStr:now)),timeline:(linkTo:!(),timerange:(from:'2020-11-11T23:15:53.110Z',kind:absolute,to:'2020-11-12T23:15:53.134Z')))&timeline=(graphEventId:'',id:'02d79220-24fd-11eb-9ddd-db279b467fd0',isOpen:!f)

yctercero · December 21, 2020, 4:31pm

Hi @austinsonger!

Thanks for your post! I just wanted to clarify, you're wanting to view alerts only from one specific timeframe?

One thing you can do is that you can go to the alert of interest and do the following:

Click on view alert details
Hover over the timestamp value and find the icon that is a magnify glass with a plus sign

Screen Shot 2020-12-21 at 11.25.47 AM434×542 47 KB
Click on that icon mentioned in step 2 and you should now see the detections tab filtered by that specific timestamp

Screen Shot 2020-12-21 at 11.26.15 AM1399×103 10.7 KB

You can also save queries if this is one you often use or want to come back to.
Screen Shot 2020-12-21 at 11.30.17 AM

Hope that helps!

Best,
Yara

austinsonger · December 21, 2020, 4:47pm

When Elastic sends the link to JIRA, I want it to only send the link for that specific detection alert and not a timeframe.

christos.nasikas · December 21, 2020, 5:20pm

Hi @austinsonger,

Are you talking about {{{context.results_link}}} ?

austinsonger · December 22, 2020, 7:57am

Yup.

christos.nasikas · December 23, 2020, 4:11pm

The current behavior of context.results_link does not filter the results to show only the specific alert either by the alert id or by the exact timeframe. Could you please open a feature request and tag it with Team: SecuritySolution?

Thank you!

austinsonger · December 24, 2020, 7:22am

Here it is.

christos.nasikas · December 24, 2020, 9:17am

Thank you so much! I let my team know about it.

Happy new year!

system · January 21, 2021, 9:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Seperate email alerts per detection? SIEM elastic-stack-security	3	481	June 14, 2022
Generate a Detection when new document is indexed Elastic Security elastic-stack-monitoring , elastic-stack-alerting	8	1513	May 7, 2021
Alerts Page Only Shows for Threat Intel rule Elastic Security	3	197	January 4, 2024
1 alert for all detections & suppress repeat detections Elastic Security	4	635	November 4, 2022
Watcher, Alert all result of the payload, not only the first Elasticsearch elastic-stack-alerting	4	412	November 11, 2020

Detection Alerts - Want To Only See that Alert

Related topics