Up until Release 5.6.0, the analyst could only change the priority of a Case and could not touch the priority of an Alert. The drawback with this approach is that once different Alerts are grouped into a Case, each incoming Alert with an attached Playbook could alter the Case priority. For example, if an Alert is ingested at 10:01 with a Playbook that defines the Case as Critical, and another Alert is then grouped into the same Case at 10:05 with a Playbook that defines the Case as low priority, the entire Case would be classified as low priority, causing important issues to go undetected.
With Release 5.6.0, a new method has been adopted which solves this problem and allows greater flexibility with Case priorities in general.
From now on, you can change the Alert Priority within a Case. Each Case inherits the highest priority of its grouped Alerts. Going back to the example above, even if a later Alert has a priority of low, it no longer overrides the Critical priority assigned to the Case by the previous Alert.
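The following Python model is an added illustration, not Siemplify code or its API. It replays a constructed alert stream under both behaviours and lists the times at which the old behaviour would show a lower Case priority than the new one. The priority scale, the alert ids and the function names are assumptions of this model, as is recomputing the Case priority after an Alert's priority is changed.

```python
from enum import IntEnum

# Assumed ordering for this model; the page itself names only Critical and low.
class Priority(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4

# Constructed sample stream: (time, alert id, priority set by that alert's playbook).
EVENTS = [
    ("10:01", "alert-1", Priority.CRITICAL),
    ("10:05", "alert-2", Priority.LOW),
    ("10:09", "alert-3", Priority.HIGH),
]

def replay_last_writer_wins(events):
    """Pre-5.6.0 model: every playbook overwrites the case priority."""
    return [(time, priority) for time, _alert, priority in events]

def replay_highest_alert(events):
    """5.6.0 model: priority is stored per alert, the case takes the highest.

    An alert id that appears again models a later Change Alert Priority.
    """
    per_alert, history = {}, []
    for time, alert, priority in events:
        per_alert[alert] = priority
        history.append((time, max(per_alert.values())))
    return history

def masked_times(events):
    """Times where the old model reports a lower case priority than the new one."""
    old = replay_last_writer_wins(events)
    new = replay_highest_alert(events)
    return [time for (time, o), (_, n) in zip(old, new) if o < n]

if __name__ == "__main__":
    old = replay_last_writer_wins(EVENTS)
    new = replay_highest_alert(EVENTS)
    for (time, o), (_, n) in zip(old, new):
        print(f"{time}  old case={o.name:<8}  new case={n.name}")
    # Lowering alert-1 afterwards leaves alert-3 as the highest alert in the case.
    changed = EVENTS + [("10:20", "alert-1", Priority.MEDIUM)]
    print("after change:", replay_highest_alert(changed)[-1][1].name)
```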
How can I change the priority of the alert?
There are two ways you can change the priority of the Alert:
- Use the new Change Alert Priority Action, either in a Playbook or as a manual Action.
- Change the priority through the Alert itself, as in the procedure below:
  - In the Cases screen in the Siemplify Platform, hover over an Alert in the case.
  - Hover over the alert in the top right and in the drop-down list, select Change Priority.
  - In the Change Priority dialog box, select the required Priority and click Save.