when we ingest alert in Soar it automatically get assigned to Tier-1 , can we make it to Unassigned
basically assigned to no one
Case assigned
+12- Silver 2
you could do this a few ways. What I did was to create a role called "Ingest Playbooks" with no users in it and all cases that come in are assigned to that. At the end of the ingest playbooks I assign the case to a stage (phishing as an example) and assign it to the role with the group of users that are intended.
With doing that, I do have to watch the cases to be sure nothing gets stuck there. Weekend patching as an example.
Login to the community
Login with SSO
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.