[FEATURE] Alert acknowledgement, visible alert ID and acknowledgement notes
Currently with alerts there is no ability to record or show who acknowledged an alert, reference an alert with a unique ID or make notes on an alert.
When acknowledging an alert, the username of the person acknowledging the alert should be recorded and be able to be viewed for all alerts that are already acknowledged. Optionally, a notes field can be provided for the user acknowledging an alert to enter information regarding their investigation of the alert, incident number/etc.
There is currently no means to find out who acknowledged an alert and no ability to view the alert unique ID in the web interface (although it is available via the API GET /_plugins/_security_analytics/alerts?detectorType={type} under the field alerts.id).
Added to backlog
We plan to add some of the enhancements on alerting in 2.15 release.