Hi All,
We're using Alert Manager as a solution to produce Incidents, just like the Incident review dashboard in the Enterprise Security Suite. We have followed all the instructions given in the document, yet are not able to display incidents in the Posture.
We're getting the data in the dashboard metrics, as visible in the screenshot, but the incidents are still not displaying. Can anyone help us in setting this up? Also, do we really need to install the add-on on each of our Indexers as well? Will that solve the problem?
Thanks in advance
Resolved it myself. The problem was like finding a needle in a haystack of sand in a desert. The search of the macro all_alerts had a field called result_ID that wasn't producing any results. Removed it, updated and got the search working, updated the macro and boom, results popped up in the dashboard.
Helpful tips for the app:
Thank you @shiv1593
This post helped me to fix the same issue I had.