Available Alert Actions

Dear all,

I have recently installed Graylog 3.3.2 and everything checks out fine. Data source integration and alerting seem to be working fine. My only concern is that when I checked on the alerts tab, I can see all the alerts and pivot to investigation from there, but there seem to be no option for me to perform an action on any of the alerts. I was expecting that I could maybe at least mark something as False Positive or put a note somewhere to indicate that the alert has already been attended or being attended to. I have gone over the latest documentation but found nothing there that might give me an idea to what can be done to alerts once they are generated.

Can anyone help please? Thank you for taking the time to check onmy concern!

I have alerts emailed into a ticketing system to be automatically categorised and assigned.


1 Like

Thank you Sir!

We have a similar system wherein we can do the same. I am just interested in doing it in Graylog as other platforms such as Qradar or FireEye has that capability and it really makes managing of alerts a lot easier.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.