[Feature Request][Security Alerting] Add bulk action to add multiple alerts to a case

[aarju]

Describe the feature: I would like to be able to select multiple alerts in the security app, and under the bulk actions section have the option to add the alerts to a new or existing case.

Describe a specific use case for the feature: When alerts trigger it is very common to have multiple alerts fire for a single security event. When triaging and documenting these events we want to be able to quickly add all related events to a case or timeline. This feature would make it much easier to do this because at this time we have to add the alerts one at a time.

For example, in this screenshot there are over 100 alerts on a single host all related to a single incident. I would like to be able to select all and add them to a new or existing case.

.

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

[twanva]

Hi, In 8.3 the functionality has been added to add a maximum of 100 alerts to a case. I saw that the limit for a case is 1000, but I would like a feature that can add more than 100 alerts. As described in the feature request above, as an analyst, you sometimes need to add more than 100 alerts to 1 case. This isn't possible at the moment.

[dmFnbmVyLmthZWxoZXJAcGJpLmNvbS5icgo]

+1

[michaelolo24]

fyi @cnasikas

[elasticmachine]

Pinging @elastic/response-ops-cases (Feature:Cases)

[elasticmachine]

Pinging @elastic/response-ops (Team:ResponseOps)