Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 15 subscribers
  • Views 716 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Data Lake Detections EDR - request ability to flag as acknowledged

LHerzog

Hi,

We got our first detections. As we're working with central as a team from different locations, it would be cool if we can flag such a detection as acknowledged the same way as we can to for the normal threat detections (OK, just learned you've renamed them to "Threat Graphs" recently).

Currently, multiple admins are doing the same checks and searches for that detections even if an other admin has already finished all analysis.

In this case our life cycle management tool performed a "vssadmin delete shadows /for=c: /ALL /quiet" on both computers.

So I expect this events will fill up the list soon.



This thread was automatically locked due to age.
Parents
  • 0

    Hi Larry, this is something we are looking at.  In the shorter term, in December we'll be adding our new Investigation capability which will allow admins to create cases based on interesting Detections and enables admins to collaborate more efficiently and share details on investigations that can include multiple, separate detections.  Investigations will automatically get created for high priority Detections or any Detections you manually want to create a case.  Investigations can then be closed/deleted so that you don't have this issue.  Stay tuned for some upcoming demos on the new Investigations functionality.

Reply
  • 0

    Hi Larry, this is something we are looking at.  In the shorter term, in December we'll be adding our new Investigation capability which will allow admins to create cases based on interesting Detections and enables admins to collaborate more efficiently and share details on investigations that can include multiple, separate detections.  Investigations will automatically get created for high priority Detections or any Detections you manually want to create a case.  Investigations can then be closed/deleted so that you don't have this issue.  Stay tuned for some upcoming demos on the new Investigations functionality.

Children
Unfiltered HTML