Dear Elastic Team, we have started to work with your SIEM module. We have defined many detection rules. Signals generated based on these rules can simply be closed (signal.status: "Closed").
We would, of course, like to close signals with many other statuses or sub-statuses, e.g. False Positive, Low Impact, Duplicate etc. How can we do that? Based on these statuses/sub-statuses we would like to create dashboards with signal statistics. Thank you in advance. Jan
At the moment you can only close them in a "closed" state. For community feature requests we always encourage people to open a ticket here:
And the more times something is requested, and the more we get on tickets from other community members, the higher the feature usually rises in our backlog to work on.