TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0

Can we Change the Status of an Imported ALERT to Resolved? #2416

Open sec26 opened 1 year ago

sec26 commented 1 year ago

By default, when a case is created for an alert, the status of the alert changes to "Imported", and it continues to be in the same status after resolving the imported case for that alert. Is there a way to change the status of the alert from "Imported" to "Resolved"?

Bmg250 commented 1 year ago

No

On Aug 23, 2022, at 6:44 AM, @.*** wrote:

By default, when a case is created for an alert, the status of the alert changes to "Imported", and it continues to be in the same status after resolving the imported case for that alert. Is there a way to change the status of the alert from "Imported" to "Resolved"?

31-rat4 commented 3 months ago

I have been stuck with the same problem for 2 weeks.

Why this behavior?

If we cannot change the alert status and work with it, I think all the alert reports and analysis become useless.

All alerts in my case are imported (10 machines, 5000+ alerts), and I cannot change their status at all...