I know the grouping is based on the entities and the time frame. To be more precise, which time will it consider for the grouping? Is it the base event (start time/end time) or the alert ingestion time into Siemplify (like triage time)? Kindly confirm.
Solved
How does the grouping of alerts happen if I am using ArcSight SIEM?
Best answer by shakedtal
Hi @sankarakumar_R, the grouping of alerts takes the time the alert was ingested into the Siemplify platform. Please let me know if you have any additional questions.