Responding to alerts limitations


This is more a suggestion to Microsoft unless I am missing a trick :)

When responding to alerts in Cloud App Security, you don't have the option to mark that you are investigating the alert, only options to dismiss, resolve or adjust policy.

This causes multiple Analysts to investigate the same alert. We need some way of showing that someone is actively investigating the alert, and avoid people thinking the alert is new. (Similar to options available in Windows Defender ATP alert responses.)

1 Reply

@Christo De Lange

Thank you for your feedback - this is something we're investigating.