Hi,
Is there a way to automatically group multiple alerts from the same user—especially when individual tickets already exist for similar alerts—so that new alerts can be referenced or linked to an existing Jira ticket instead of creating separate ones each time?
Take a look at this thread to see if it helps: Throttle Rule Alerts
There is a config for grouping alerts in the SOAR. You can find the detailed information here:
https://cloud.google.com/chronicle/docs/soar/investigate/working-with-alerts/alert-grouping-mechanism-admin
If you want to work with bundled alerts, you're going to want to do that on the SOAR side. It will provide the capability, plus you could automate your tickets into Jira and have them already grouped.
Thanks guys, both of you @Mustache @kentphelps