I did not find it in the documentation or through an Internet search, and I want to ask you folks before I leave it unsolved.
Do you know if it is possible to add one more priority level on Alerts > Event Definitions > Create Event Definition > Priority?
I need this because at the moment I’m working with four priority/criticality ratings on my alerts.
Do you know if it’s possible to add more levels and maybe change the names, inside the Graylog interface itself?
The application’s events that I’m analyzing have certain situations that only three priority levels will not classify close to the real scenario, and for my work, the more accurate my classification is, the fewer false positives I will have and the more intelligent my alerts will be; this is my understanding at the moment.
Also, I’m working on a scoring system, because I have alerts that can be classified as high, but with three different levels of high. Why? Because this granularity will help me in the future to start working towards behavior detection, not just event triage.
If my explanation didn’t make sense, I can elaborate more.
You could create a field in a pipeline from your message data that denotes your custom severity and you can work from that - an alternative while you wait for possible changes in Graylog…
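
The pipeline approach suggested in the reply, as an added example that is not part of the original posts or Graylog's own documentation: rules that write a four-level `custom_severity` field plus a numeric `custom_severity_score`, so that several tiers of "high" stay distinguishable. The source fields `app_event` and `failed_count`, the value `login_failed`, the output field names and all thresholds are assumptions.

```graylog
// Added example. Field names, event value and thresholds are assumptions.
// The count ranges are mutually exclusive, so at most one rule sets the fields.
// Messages matching no rule keep custom_severity unset (treat as "low").

rule "custom severity: medium"
when
  to_string($message.app_event) == "login_failed" &&
  to_long($message.failed_count, 0) >= 3 && to_long($message.failed_count, 0) < 10
then
  set_field("custom_severity", "medium");
  set_field("custom_severity_score", 40);
end

rule "custom severity: high, lower tier"
when
  to_string($message.app_event) == "login_failed" &&
  to_long($message.failed_count, 0) >= 10 && to_long($message.failed_count, 0) < 20
then
  set_field("custom_severity", "high");
  set_field("custom_severity_score", 70);
end

rule "custom severity: high, upper tier"
when
  to_string($message.app_event) == "login_failed" &&
  to_long($message.failed_count, 0) >= 20 && to_long($message.failed_count, 0) < 50
then
  set_field("custom_severity", "high");
  set_field("custom_severity_score", 80);
end

rule "custom severity: critical"
when
  to_string($message.app_event) == "login_failed" &&
  to_long($message.failed_count, 0) >= 50
then
  set_field("custom_severity", "critical");
  set_field("custom_severity_score", 95);
end
```

An event definition's search query can then select on these fields, for example `custom_severity:high AND custom_severity_score:>=80`, while the built-in Priority stays at one of its three values.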