I know the grouping is based on the entities and the time frame. To be more precise, which time will it consider for the grouping? Is it the base event (start time/end time) or the alert ingestion time into Siemplify (like triage time)? Kindly confirm.
Solved
How does the grouping of alerts happen if I am using ArcSight SIEM?
Best answer by shakedtal
Hi @sankarakumar_R, the grouping of alerts takes the time the alert was ingested into the Siemplify platform. Please let me know if you have any additional questions.