
[Alerts] Show All Alerts feature in Rule #191124

Open

Description

Describe the feature:
As a cybersecurity analyst investigating an alert in Kibana, I would like to be able to see all alerts, no matter their state. Today I am presented with Open alerts and can then switch to Acknowledged and Closed, but I cannot select an option to see all alerts. This forces me to go to each filter type and change the Alert state to a common one to see them in one view.


Describe a specific use case for the feature:
If I were to be investigating an alert in Kibana, I may see only 2 open alerts, but 30 may have been closed by another analyst or acknowledged, and I wouldn't know it unless I manually check each filter every time.


Labels

- Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
- Team:Detection Engine (Security Solution Detection Engine Area)
- Team:ResponseOps (Label for the ResponseOps team, formerly the Cases and Alerting teams)
- triage_needed
