Skip to content

[Security Solution] Extend group Take Actions with the additional options. #150515

New issue
New issue
Open
Open
[Security Solution] Extend group Take Actions with the additional options.#150515

Description

@YulNaumenko

YulNaumenko
openedon Feb 8, 2023

Actions requirements:

  • Users should be able to make bulk actions by quick action on a group or sub-group
  • Actions on bulk alerts should have a confirmation dialog box
  • Quick actions include:
    Default: Add to case (existing), Close, Acknowledge
    if group contains host (then isolate) (prerreq using endpoint integration)
    If group contains rule (then add exception)
    if group contains process.name (or pid, entity.id, etc.), then endpoint could “terminate process”
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    Team:Threat HuntingSecurity Solution Threat Hunting TeamTeam:Threat Hunting:Explorev8.8.0

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions