Anna_Foxx:
I want to know whether there is a functionality in Elastic Security to monitor reaction time to detection, for example to count SLA. Is there something called an internal index from which I can get fields that will show me when my detection has been created and closed? And after that, to build a dashboard based on reaction speed.
Btw, can I escalate an alert to another analyst? Or mark it as a false positive? Unfortunately, I haven't found such buttons.
So here is what I do for our clients when it comes to using Elastic SIEM and ensuring SLA:
Use JIRA Service Desk and use their SLA feature
Configure Elastic SIEM to create a ticket in JIRA automatically any time a Detection is triggered in Elastic.
Here is the easy bulk-editing script for all of the detection rules.
So we basically subvert Elastic SIEM to JIRA for the initial detection, and the following will show the information I have sent to JIRA:
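An added example of the bulk edit described above (it is not the poster's script, which does not appear on this page): a Python client that pages through every detection rule via the Kibana `_find` endpoint and PATCHes a Jira connector action onto each rule that does not already have one. The Kibana URL, the credentials, the connector id and the `throttle` value are assumptions; the transport is injected so the core logic can be exercised offline.

```python
import base64
import json
import urllib.request

KIBANA = "https://kibana.example.internal:5601"  # assumed Kibana base URL
AUTH = ("soc-automation", "CHANGE-ME")            # assumed credentials (placeholder)


def build_jira_action(connector_id):
    """Rule action pushing each detection to Jira through an existing .jira connector.
    {{context.rule.*}} and {{state.signals_count}} are Mustache variables that
    detection rules expose to their actions."""
    return {
        "action_type_id": ".jira",
        "group": "default",
        "id": connector_id,
        "params": {"subAction": "pushToService", "subActionParams": {
            "incident": {"summary": "[Elastic SIEM] {{context.rule.name}}",
                         "description": "{{context.rule.description}}\n"
                                        "Signals: {{state.signals_count}}"},
            "comments": []}},
    }


def add_action_to_all_rules(get_json, patch_json, action):
    """Append `action` to every rule that is not yet bound to the same connector.
    Existing actions are preserved. Returns the ids of the rules patched."""
    patched, page = [], 1
    while True:
        body = get_json(f"/api/detection_engine/rules/_find?page={page}&per_page=100")
        for rule in body["data"]:
            existing = rule.get("actions", [])
            if any(a.get("id") == action["id"] for a in existing):
                continue  # already wired to this connector, skip
            patch_json("/api/detection_engine/rules",
                       {"id": rule["id"], "actions": existing + [action],
                        "throttle": "rule"})  # fire once per rule execution
            patched.append(rule["id"])
        if page * body["perPage"] >= body["total"]:
            return patched
        page += 1


def kibana_request(method, path, payload=None):
    data = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(KIBANA + path, data=data, method=method)
    req.add_header("kbn-xsrf", "true")  # Kibana rejects API writes without it
    req.add_header("Content-Type", "application/json")
    token = base64.b64encode(f"{AUTH[0]}:{AUTH[1]}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    jira = build_jira_action("00000000-0000-0000-0000-000000000000")  # placeholder id
    done = add_action_to_all_rules(lambda p: kibana_request("GET", p),
                                   lambda p, b: kibana_request("PATCH", p, b), jira)
    print(f"patched {len(done)} rules")
```

Run it once with a read-only account first to confirm the rule count, then with the automation account; rules already pointing at the connector are left untouched, so re-running is safe.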