Record Who Closes Alert

Is there a way to record which user has 'closed' an alert in Elastic Security? I read through the audit log documentation, and it doesn't reference this specific topic. Is there any way to log this?

Hi @SomeRobot and thanks for the feedback!

Currently, we don't provide logging for this type of information during an alert status change, but auditing is a priority and we are tracking use cases like this for the future.

Thanks again for the feedback!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.