Is there a way to record which user has 'closed' an alert in Elastic Security? I read through the audit log documentation, and it doesn't reference this specific topic. Is there any way to log this?
Hi @SomeRobot and thanks for the feedback!
Currently, we don't provide logging for this type of information during an alert status change, but auditing is a priority and we are tracking use cases like this for the future.
Thanks again for the feedback!