Shield Alert - mark as resolved
On the dashboard for Shield, you see a list of alerts generated through threat detection policies. We'd like to see the functionality where end users could mark an alert as seen and/or resolved so everyone who monitors the Shield alerts would know whether it's been resolved or open. This is similar to a ticketing system, but a simple notes body on the alert where someone could put an explanation of their response to the alert would greatly enhance visibility and drive better usability. Thanks!
We are investigating the best options to implement this into our Threat Detection alerts and dashboard.
-
William White commented
When reviewing the alert, the section where you can enter "Additional Feedback" should be recorded on the alert instead of just sending it off to Box. This would be a simple solution to this request.
-
Takaaki Kumagai commented
In addition, I would like to see Shield alerts output to the Enterprise Event Log when they are marked as resolved.
-
Anonymous commented
This would be greatly beneficial for lots of customers that I'm working with.