Measuring reaction to detection


I want to know whether there is functionality in Elastic Security to monitor reaction time to detection, for example to count SLA. Is there something called an internal index from which I can get fields that will show me when my detection has been created and closed? And after that, to build a dashboard based on reaction speed.

Btw, can I escalate an alert to another analyst? Or mark it as a false positive? Unfortunately, I haven't found such buttons.

Not sure if that is a built-in feature yet. Can anyone from ELK respond?

So here is what I do for our clients when it comes to using Elastic SIEM and ensuring SLA:

You can see if someone has already requested this feature on GitHub. And if you don't find anything, then you should request it.

Thank you for your advice!
