Up until Release 5.6.0, an analyst could change only the priority of a case and could not touch the priority of an alert. The drawback of this approach is that once different alerts are grouped into a case, each incoming alert with an attached playbook could alter the Case priority. For example, if an Alert is ingested at 10:01 with a Playbook that defines the Case as Critical, and another Alert is then grouped into the same Case at 10:05 with a Playbook that defines the Case as low priority, the entire Case would be classified as low priority, causing important issues to go undetected.

With Release 5.6.0, a new method has been adopted that solves this problem and allows greater flexibility with case priorities in general.
From now on, you can change the Alert Priority within a Case. Each case will inherit the highest priority of the grouped alerts. Going back to the example above, even if a later alert had a priority of low, it would no longer override the critical priority assigned to the case by the previous alert.
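
The difference between the two models can be replayed on the 10:01 / 10:05 scenario above. This is an added illustration, not Siemplify code: the class, the method names, the alert labels and the ordered list of priority levels are assumptions made for the sketch, as is the idea that the case priority is recomputed whenever an alert's priority changes.

```python
# Added illustration: a toy model of case priority, not Siemplify code.
from dataclasses import dataclass, field

# Assumed ordering of priority levels, lowest to highest.
LEVELS = ["Informative", "Low", "Medium", "High", "Critical"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass
class Case:
    alerts: dict = field(default_factory=dict)  # alert label -> priority
    legacy_priority: str = None                 # pre-5.6.0 case priority

    def ingest(self, alert, priority):
        """Group an alert into the case with the priority its playbook set."""
        if priority not in RANK:
            raise ValueError(f"unknown priority: {priority}")
        self.alerts[alert] = priority
        # Pre-5.6.0 model: every playbook writes the case priority
        # directly, so the most recent alert wins.
        self.legacy_priority = priority

    def change_alert_priority(self, alert, priority):
        """Model of changing the priority of one grouped alert."""
        if alert not in self.alerts:
            raise KeyError(alert)
        if priority not in RANK:
            raise ValueError(f"unknown priority: {priority}")
        self.alerts[alert] = priority

    @property
    def priority(self):
        """5.6.0 model: the case inherits the highest alert priority."""
        if not self.alerts:
            return None
        return max(self.alerts.values(), key=RANK.__getitem__)


def replay_example():
    """Replay the scenario: Critical at 10:01, then Low at 10:05."""
    case = Case()
    case.ingest("alert-10:01", "Critical")  # constructed sample alert
    case.ingest("alert-10:05", "Low")       # constructed sample alert
    after_grouping = (case.legacy_priority, case.priority)
    # An analyst downgrades the first alert; the case follows the new maximum.
    case.change_alert_priority("alert-10:01", "Medium")
    return after_grouping, case.priority
```

After both alerts are grouped, the old model leaves the case at Low while the new model keeps it at Critical; once the first alert is changed to Medium, the case becomes Medium because that is now the highest alert priority.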

How can I change the priority of the alert?

There are two ways you can change the priority of the Alert:

  • Using the new Change Alert Priority Action, either in a Playbook or as a manual Action.
  • Changing the priority through the Alert itself, as in the procedure below:
  1. In the Cases screen in the Siemplify Platform, hover over an Alert in the case.
  2. Hover over the alert in the top right and in the drop-down list, select Change Priority.
  3. In the Change Priority dialog box, select the required Priority and click Save.
