The Alerts Grouping Settings page lets you create grouping rules controlling the exact type of alerts that are grouped together into cases (Alert Type: for example, a phishing alert).
However, when reviewing the provided dropdown list, it only shows unique alert names, not types.
Is it possible to configure a type for each alert?
We handle multiple clients across different SIEMs, each with its own alert naming conventions. If the dropdown is based on alert names, why is it labeled "alert type"? Is there a way to configure a type for each rule generator?
QRadar SIEM Example
In QRadar, each alert or rule generates a unique offense ID along with the alert name. This makes it impractical to configure grouping based on types, as the current mechanism is driven by specific identifiers.
Feature Request: Tag-based Grouping
Would it be possible to introduce a new criteria option in the mechanism settings based on tags? This enhancement could improve flexibility and allow better alignment across varied systems and client environments.
Hello,
1.) The alert type becomes the alert name in the dropdown in the section below. Those names are pulled directly from SecOps SIEM.
2.) I need to see what you are experiencing so I can recommend a way for this to work.
3.) We would need to submit an FR for another option in that dropdown and a way to tag other SIEM rules.
Can you share an example of what you are seeing, with screenshots, so we can see if there's a way to accomplish your goals and needs?
Seems a feature request was raised on this topic?
https://issuetracker.google.com/issues/380694403