Alerts Manager app not showing any incidents or al...

ezmo1982 · ‎03-26-2021

Hi

I installed the Alerts Manager app as I was hoping to have better features to view and manage my incidents and alerts in enterprise security. I installed the app (id:2665) and the add-on (id3665) to my SH, created a new index named alerts and completed the set up.

However there are no Incidents or Alerts showing in any of the dashboards. My understanding was that this app would pull the incidents/alerts from ES so I can manage them? But nothing is showing

In the app, i can create a new incident no problem and can see it being added to the new "alerts" index, but this isn't much use to me.

Is there something im missing here regarding this app or its purpose??

Thanks

jamesklassen · ‎04-12-2021

Hi there, did you get it working? I'm also having difficulties with this app.

ezmo1982 · ‎04-14-2021

No, havnt got it working yet. Cant find a way for the app to display Enterprise Security alerts.

jamesklassen · ‎04-16-2021

So I fixed it in my environment. I incorrectly assumed that all existing alerts would get pulled in and listed automatically on the 'Incident Posture' dashboard. But, I needed to add the 'Alert Manager' action for my existing triggered alerts first; once that was done, then those alerts would show up.

Alerts Manager app not showing any incidents or alerts from my ES environment

administration

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023