Alert Options menu in the Cases page
In the Cases page, click Alert Options under the Alert tab. The following Alert Options are available:
- Explore Alert: For more information on the Alerts Results page, click Investigate Alerts.
- Ingest alert as test case: Click Ingest alert as test case to introduce a Test Case into the system. It's marked as a Test Case to make it easier to locate. None of the information and metrics from ingested alerts are counted in the dashboards and reports metrics. Ingested alerts are not grouped by design.
- Change Priority: We recommend changing the priority of the alert rather than the priority of the case. This doesn't affect the priority of the case.
- Move Alert: If you're assigned a case with more than one alert, you can choose either Move the Alert to new case or Move Alert to existing case. If you choose Move Alert to existing case, select the required case from the menu and click Move.
- Manage Alert Detection Rule: (only displayed for users of Google SecOps). If the rule is a predefined Google SecOps rule, you're redirected to the Rules Detection page. For more information on the Rules Detection page, click Filter data rules detections view. If the rule is a customer rule, you're redirected to the Rule Editor page. For more information on the Rule Editor page, see Manage rules using the Rules Editor.
- Close Alert: Closes the alert within the case. Select from the options in the Reason/Root Cause/Usefulness fields. (The Usefulness field only appears for users of Google SecOps and lets the rule analysts get more precise information on alert rules from the customer feedback.) The closed alerts in a case appear unavailable with a Closed tag. You can close the alert only if there are other alerts in the case and it's assigned to you.
- Add Entity: You can manually add an existing entity or a new entity to an alert.
Add new or existing entities
To add new or existing entities, follow these steps:
- Click Alert Options and select Add Entity.
- In the Add entities to alert dialog, select an entity from either the Add existing entities menu or the Add new entity menu.
- Enter an identifier, click Add, and then click Apply.