Shield Alert - mark as resolved
On the dashboard for Shield, you see a list of alerts generated through threat detection policies. We'd like to see the functionality where end users could mark an alert as seen and/or resolved so everyone who monitors the Shield alerts would know whether it's been resolved or open. This is similar to a ticketing system, but a simple notes body on the alert where someone could put an explanation of their response to the alert would greatly enhance visibility and drive better usability. Thanks!
We are investigating the best options to implement this into our Threat Detection alerts and dashboard.
-
Takaaki Kumagai commented
In addition, I would like to see Shield alerts output to the Enterprise Event Log when they are marked as resolved.
-
Anonymous commented
This would be greatly beneficial for lots of customers that I'm working with.