frantz45
commented
1 year ago This feature is important to work with SOAR which are not able to aggregate alerts based on a specific field (alert_id)
Open c8y3 opened 3 years ago
frantz45
commented
1 year ago This feature is important to work with SOAR which are not able to aggregate alerts based on a specific field (alert_id)
frantz45
commented
1 year ago It may be linked with https://github.com/airbus-cyber/graylog-plugin-logging-alert/issues/41
When the backlog is activated, the plugin will, by default, generate one log per message in the backlog. If option singleMessage is activated, only one log, with the complete backlog will be generated. Maybe we should consider to invert the option singleMessage (it should be activated by default to avoid unnecessary flooding) Discuss...