Group identical alerts in Elastic Security [7.14.2]

RdrgPorto · November 4, 2021, 3:00pm

Hi, everyone

I would like to know whether it is possible to group several occurrences of same alerts in Elastic Security.

For instance, we have configured a detection rule which has generated many alerts in a short period of time. I would like to group alerts with identical field values (source.ip, destination.ip, host.name, and so on).

Here you are a screenshot:

Thanks in advance,

Rodrigo

system · December 2, 2021, 3:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Alert Suppression on Event Correlation Rule (duplicate alerts) Elastic Security detection-rules	2	464	August 21, 2023
Elastic Security field values in connector getting duplicated Elastic Security elastic-stack-alerting	3	294	October 7, 2022
Unable to suppress duplicate alerts Elastic Security	5	256	April 4, 2024
Threshold detection not working with group by SIEM elastic-stack-alerting	3	786	June 28, 2021
Security Alert ：How to suppress repeat alarms Elastic Security	2	432	March 15, 2023

Group identical alerts in Elastic Security [7.14.2]

Related topics