Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SIEM][Detections] Create API for closing all alerts that match an exception #65940

Closed
spong opened this issue May 9, 2020 · 3 comments
Closed

[SIEM][Detections] Create API for closing all alerts that match an exception #65940

spong opened this issue May 9, 2020 · 3 comments
Assignees
@marshallmain
Labels
enhancement New value added to drive a business result Feature:Detection Rules Anything related to Security Solution's Detection Rules Team:Endpoint Response Endpoint Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.9.0

Comments

@spong
Copy link
Member

spong commented May 9, 2020

When adding or editing Exception Lists, the user has the option to close all alerts that match this exception. This issue is for creating an API that can take an exceptionListId, state, and update all matching alerts to the provided state.
@spong spong added enhancement New value added to drive a business result Team:SIEM v7.9.0 Feature:Detection Rules Anything related to Security Solution's Detection Rules labels May 9, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/siem (Team:SIEM)

@spong spong mentioned this issue May 9, 2020
Closed
3 tasks
@spong spong added the Team:Endpoint Response Endpoint Response Team label May 9, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/endpoint-response (Team:Endpoint Response)

@FrankHassanabad
Copy link
Contributor

"Reviewed by Frank Hassanabad on 7/29/2020", This looks complete and will be shippable at this point. Going to close this and associated tickets. Any new bugs/features should be new tickets.

@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Oct 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marshallmain marshallmain

Labels
enhancement New value added to drive a business result Feature:Detection Rules Anything related to Security Solution's Detection Rules Team:Endpoint Response Endpoint Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.9.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@FrankHassanabad @MindyRS @spong @elasticmachine @marshallmain