Shield Alert - mark as resolved
On the dashboard for Shield, you see a list of alerts generated through threat detection policies. We'd like to see the functionality where end users could mark an alert as seen and/or resolved so everyone who monitors the Shield alerts would know whether it's been resolved or open. This is similar to a ticketing system, but a simple notes body on the alert where someone could put an explanation of their response to the alert would greatly enhance visibility and drive better usability. Thanks!
We are investigating the best options to implement this into our Threat Detection alerts and dashboard.
-
Takaaki Kumagai commented
In addition, I would like to see Shield alerts output to the Enterprise Event Log when they are marked as resolved.
-
Anonymous commented
This would be greatly beneficial for lots of customers that I'm working with.