Feature Request: Alert Assignment to user


Playing around more and more with the SIEM and signals etc., I saw that there does not seem to be a way to assign signals.
I can mark them as "open", "in progress" or "done"; however, I have no information about which user actually did this.
In a SIEM with multiple analysts this would be rather useful, because otherwise I am unable to see who marked a signal as "in progress" but then maybe forgot about it for a week and it was left unresolved.
Furthermore, it would allow the analyst to filter for alerts that he assigned to himself (assuming a function like that will get implemented); if he is analysing multiple signals, this can be rather useful. Otherwise the only association I have about which analyst is working on what signal is either through timelines or cases, and not every signal warrants a case or timeline.


Hey there @madduck!

Thanks for the feature request! We are tracking this internally and are looking to add this functionality in a future release, but feel free to open a feature request over in the Kibana repo and we can link it to this effort and you (and other users) can be notified once this feature lands.

