Available Alert Actions

Dear all,

I have recently installed Graylog 3.3.2 and everything checks out fine. Data source integration and alerting seem to be working fine. My only concern is that when I checked on the alerts tab, I can see all the alerts and pivot to investigation from there, but there seems to be no option for me to perform an action on any of the alerts. I was expecting that I could maybe at least mark something as False Positive or put a note somewhere to indicate that the alert has already been attended to or is being attended to. I have gone over the latest documentation but found nothing there that might give me an idea as to what can be done to alerts once they are generated.

Can anyone help please? Thank you for taking the time to check on my concern!

I have alerts emailed into a ticketing system to be automatically categorised and assigned.

https://zammad.org/


Thank you Sir!

We have a similar system wherein we can do the same. I am just interested in doing it in Graylog as other platforms such as QRadar or FireEye have that capability and it really makes managing alerts a lot easier.
