elastic / kibana


[Security Solution][Investigations] - Get case information by alert #124290

Closed michaelolo24 closed 10 months ago

michaelolo24 commented 2 years ago

Background

In an effort to provide security analysts with more context around alerts, we want to provide users the ability to see cases that may already include a given alert. This provides analysts the ability to quickly assess the severity around a specific alert as well as any information that has already surfaced in prior investigations.

Details

Currently there is an API that provides the ability to get cases by the alert id in x-pack/plugins/cases/server/routes/api/cases/alerts/get_cases.ts. The ask would be either the expansion of that API or an additional supporting API to include the case name as well as case id to allow us to link to that case from the alert flyout.
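The lookup the issue asks for, shown as an added illustration rather than Kibana's own `get_cases.ts` route: given an alert id, return the id and title of every case that already contains that alert, so an alert view can link to prior investigations. The `CaseRecord` shape, the field name `alertIds`, and the sample case and alert ids are constructed assumptions for the example, not Kibana data structures.

```typescript
// Added example (not Kibana code): reverse index from alert id to the cases
// that include it, returning enough (id + title) to render a link to the case.

interface CaseRecord {
  id: string;
  title: string;
  alertIds: string[]; // assumed field: alert ids attached to this case
}

interface CaseSummary {
  id: string;
  title: string;
}

type AlertCaseIndex = Record<string, CaseSummary[]>;

// Build alertId -> case summaries once, so each alert lookup is a single key read
// instead of a scan over every case.
function buildAlertCaseIndex(cases: CaseRecord[]): AlertCaseIndex {
  const index: AlertCaseIndex = {};
  for (const c of cases) {
    const summary: CaseSummary = { id: c.id, title: c.title };
    const seen: string[] = [];
    for (const alertId of c.alertIds) {
      // A case may reference the same alert more than once; list the case only once.
      if (seen.indexOf(alertId) !== -1) {
        continue;
      }
      seen.push(alertId);
      if (!Object.prototype.hasOwnProperty.call(index, alertId)) {
        index[alertId] = [];
      }
      index[alertId].push(summary);
    }
  }
  return index;
}

// Cases containing the alert, sorted by title; an alert not in any case yields [].
function getCasesByAlertId(index: AlertCaseIndex, alertId: string): CaseSummary[] {
  const matches = Object.prototype.hasOwnProperty.call(index, alertId) ? index[alertId] : [];
  return matches.slice().sort((a, b) => a.title.localeCompare(b.title));
}

// Constructed sample data: ids and titles are placeholders, not real cases or alerts.
const SAMPLE_CASES: CaseRecord[] = [
  { id: 'case-001', title: 'Suspicious PowerShell on host-a', alertIds: ['alert-1', 'alert-2', 'alert-2'] },
  { id: 'case-002', title: 'Credential access investigation', alertIds: ['alert-2'] },
  { id: 'case-003', title: 'Phishing report triage', alertIds: ['alert-9'] },
];

const SAMPLE_INDEX: AlertCaseIndex = buildAlertCaseIndex(SAMPLE_CASES);

// alert-2 is already part of two cases; alert-7 has never been investigated.
console.log(getCasesByAlertId(SAMPLE_INDEX, 'alert-2'));
console.log(getCasesByAlertId(SAMPLE_INDEX, 'alert-7'));
```

Returning the title alongside the id is what lets the alert flyout render a human-readable link; the empty result for an alert with no case is the signal that the analyst is looking at something not yet under investigation.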

elasticmachine commented 2 years ago

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)