This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 14th: Gemini's generative AI within Google SecOps
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

How the grouping of alerts happening if am using arcsight SIEM ?

Posted on 04-27-2021 11:21 AM
sankarakumar_R
New Member
Reply posted on --/--/---- --:-- AM

I know the grouping based on the entities and the time frame. to be more precise which time will it consider for the grouping? Is the base event (start time/ end time) or the alert ingestion time into Siemplify like (Triage time) . Kindly confirm?

Solved Solved
0 3 278
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
shakedtal
Staff
Reply posted on --/--/---- --:-- AM

Hi @sankarakumar_R, the grouping of alerts takes the time the alert was ingested into Siemplify platform. Please let me know if you have any additional questions.

View solution in original post

Jump to Solution
3 REPLIES 3

Posted on --/--/---- --:-- AM
shakedtal
Staff
Reply posted on --/--/---- --:-- AM

Hi @sankarakumar_R, the grouping of alerts takes the time the alert was ingested into Siemplify platform. Please let me know if you have any additional questions.

Jump to Solution

Posted on --/--/---- --:-- AM
sankarakumar_R
New Member
Reply posted on --/--/---- --:-- AM

Hi Shaked,

Thanks for the answer!


Jump to Solution

Posted on --/--/---- --:-- AM
shakedtal
Staff
Reply posted on --/--/---- --:-- AM

You're welcome @sankarakumar_R !

Jump to Solution
0 Likes