Shield Alert - mark as resolved
On the dashboard for Shield, you see a list of alerts generated through threat detection policies. We'd like to see the functionality where end users could mark an alert as seen and/or resolved so everyone who monitors the Shield alerts would know whether it's been resolved or open. This is similar to a ticketing system, but a simple notes body on the alert where someone could put an explanation of their response to the alert would greatly enhance visibility and drive better usability. Thanks!
Anonymous
shared this idea
We are investigating the best options to implement this into our Threat Detection alerts and dashboard.
-
Anonymous
commented
+1! It's confusing to notate somewhere else 1) who is handling the issue and 2) if the issue has been resolved or if there were any important notes related to it. It's confusing to then later look at older notifications and not see right away what their status or resolution was.
-
William White
commented
When reviewing the alert, the section where you can enter "Additional Feedback" should be recorded on the alert instead of just sending it off to Box. This would be a simple solution to this request.
-
Takaaki Kumagai
commented
In addition, I would like to see Shield alerts output to the Enterprise Event Log when they are marked as resolved.
-
Anonymous
commented
This would be greatly beneficial for lots of customers that I'm working with.