wootts (Iron Contributor), Oct 27, 2021
Automation and Metrics
Hi All
I am trying (and failing) to look for a way to pull some information that will show (by example)
Number of Security Alerts
Number of Security Incidents
And then a pivot that says - X were created but Y were auto closed due to Sentinel automation rules. Is this something someone has already done or considered? Thanks in advance
- GaryBushey (Bronze Contributor): Do you have any way to determine which rules were closed automatically? Are you adding a tag, a comment, or a closing comment? Those would probably be some of the easier ways to determine which ones were closed automatically and then it shouldn't be too hard to get what you need.
- wootts (Iron Contributor): Cheers Gary - I was hoping to be able to grab the metadata - or similar that is appended to it when updated. Yes there is a closing comment but no tag - but will push that aspect also. Assumption being that will then make it possible to do some stats ....
- GaryBushey (Bronze Contributor): Sadly there is nothing that is automatically added to let you know the incident was modified by a playbook; you would need to add that yourself.
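
A sketch of the pivot asked for in the original question, built on the marker approach from the replies (added example, not posted by anyone in the thread). It assumes your automation rules or playbooks add a tag named `AutoClosed` or write a closing comment containing `Closed by automation`; both strings are hypothetical and must match whatever your automation actually writes.

```kql
// Added example. Marker values below are assumptions, not Sentinel defaults.
let lookback = 30d;
let autoTag = "AutoClosed";                  // hypothetical tag added by your automation
let autoComment = "Closed by automation";    // hypothetical closing-comment phrase
// Distinct alerts raised in the window.
let alertCount = toscalar(
    SecurityAlert
    | where TimeGenerated > ago(lookback)
    | summarize dcount(SystemAlertId));
SecurityIncident
// SecurityIncident logs one row per update, so keep only the latest state of each incident.
| summarize arg_max(TimeGenerated, *) by IncidentNumber
| where CreatedTime > ago(lookback)
| extend IsClosed = Status == "Closed"
| extend IsAutoClosed = IsClosed
    and (tostring(Labels) has autoTag or ClassificationComment has autoComment)
| summarize
    IncidentsCreated = count(),
    IncidentsClosed = countif(IsClosed),
    AutoClosed = countif(IsAutoClosed)
| extend
    Alerts = alertCount,
    ManuallyClosed = IncidentsClosed - AutoClosed,
    AutoClosedPct = round(100.0 * AutoClosed / IncidentsCreated, 1)
```

Incidents closed by automation before the marker was introduced are counted as manually closed, so the split is only reliable from the date the tag or comment was added.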