Automatic Closing of Repeated Alerts
Playbook Overview
If new alerts reported to SecMaster contain the same parameters as historical alerts, the Automatic Closing of Repeated Alerts playbook automatically closes the historical alerts, retains the latest alert, and automatically associates the new alerts with the closed historical alerts. Alerts with identical values for all of the following parameters are considered repeated alerts.
- Alert Name
- Alert Type
- Alert Severity
- Affected Assets
- Attacker
- Victim
- Data Source
- Model Name
This playbook is applied to alerts only. Attacks cannot trigger it. For details about the differences between alerts and attacks, see Overview.
This playbook is enabled by default. There is no need to manually configure or enable it.
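The matching rule described above, sketched in Python as an added example (not SecMaster's own playbook code). The snake_case field names, the `Open` status, the `id` and `created` fields and the sample alerts are assumptions constructed for illustration; `AutoClosed` is the status this page names.

```python
from collections import defaultdict

# The eight parameters listed above. Key names are assumed, not SecMaster's schema.
DEDUP_FIELDS = ("alert_name", "alert_type", "severity", "affected_assets",
                "attacker", "victim", "data_source", "model_name")

def dedup_key(alert):
    """Tuple of the eight compared values; lists become tuples so they hash."""
    return tuple(tuple(v) if isinstance(v, list) else v
                 for v in (alert.get(f) for f in DEDUP_FIELDS))

def close_repeated(alerts):
    """Return (retained, closed): the latest alert per key stays open,
    older ones are marked AutoClosed and linked from the retained alert."""
    groups = defaultdict(list)
    for alert in alerts:
        groups[dedup_key(alert)].append(dict(alert))  # copy, leave input intact
    retained, closed = [], []
    for group in groups.values():
        group.sort(key=lambda a: a["created"])  # ISO-8601 UTC strings sort by time
        *older, latest = group
        for a in older:
            a["status"] = "AutoClosed"
        latest["associated"] = [a["id"] for a in older]
        retained.append(latest)
        closed.extend(older)
    return retained, closed

# Constructed sample data: A1, A2 and A4 share all eight values;
# A3 differs only in severity, so it is not a repeated alert.
BASE = {"alert_name": "Brute-force login", "alert_type": "Abnormal login",
        "severity": "High", "affected_assets": "sample-host-01",
        "attacker": "198.51.100.7", "victim": "192.0.2.10",
        "data_source": "sample-source", "model_name": "sample-model",
        "status": "Open"}
SAMPLE_ALERTS = [
    {**BASE, "id": "A1", "created": "2024-01-01T10:00:00Z"},
    {**BASE, "id": "A2", "created": "2024-01-01T10:05:00Z"},
    {**BASE, "id": "A3", "created": "2024-01-01T10:06:00Z", "severity": "Medium"},
    {**BASE, "id": "A4", "created": "2024-01-01T10:10:00Z"},
]

if __name__ == "__main__":
    retained, closed = close_repeated(SAMPLE_ALERTS)
    for a in retained:
        print(a["id"], a["status"], "associated:", a["associated"])
    for a in closed:
        print(a["id"], a["status"])
```

Fields outside the eight, such as the creation time, do not affect matching, while a change in any one of the eight (here, severity) keeps the alert open as a separate item.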
Prerequisites
Your SecMaster professional edition is available.
Implementation Effect
- For details about how to view alerts, see Viewing Alert Details. In the navigation pane on the left in a specific workspace, choose to go to the Alerts page.
- On the Alerts page, click the alert name to go to the Alert Details page.
- On the alert details page, click Associated Alerts to go to the associated alert page and view details about associated alerts. The status of the associated alerts is Closed.
Figure 1 Alerts associated with a new alert
- For a closed historical repeated alert, if the alert status shown on the page is AutoClosed, the alert was closed by the playbook.
Figure 2 Automatic closing of repeated alerts