Measuring reaction to detection

Hi!

I want to know whether there is a functionality in Elastic Security to monitor reaction time to detection for example to count SLA. Is there smth called internal index from which I can get fields that will show me when my detection has been created and closed? And after that to build a dashboard based on reaction speed

Btw, can I escalate an alert to another analyst? Or mark it as false positive. Unfortunately, I haven't found such buttons

Not sure if that is built in feature yet, anyone from ELK can respond?

So here is what I do for our clients when it comes to using Elastic SIEM and ensuring SLA:

• Use JIRA Service Desk and use their SLA feature
• Configure Elastic SIEM to create a ticket in JIRA automatically anytime a Detection is trigger in Elastic.
  • Here is the easy of bulk editing script all of the detection rules
    • Elastic Security: Bulk Detection Rule Modification via Detection API - JIRA Connector
    • GitHub - austinsonger/Elastic-Security: Repo for Automations and other solutions for Elastic SIEM/Security.
• So we basically subvert Elastic SIEM to JIRA for the initial detection and the following will show the information I have sent to JIRA:
  • Elastic SIEM Connector to JIRA Service Desk Template #JIRA #Elastic · GitHub

You can see if someone already has requested this feature in Github. And if you don't find anything, then you should request it.

Thank you for your advice!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.