In relative terms, we have a fairly small number of servers sending events to our Envision appliance. I have created a few alerts for events I'm interested in. If something causes a burst of events to cause alerts (or if I misconfigure an alert when I'm developing it), I'm told by support I have to change their status from "New Alert" to "Under Investigation" one by one, as there is no other way to do this in bulk. Does anyone else have this same issue, or am I missing something? I can't imagine dealing with alerts in a large enterprise this way. Thanks!
Your observation is correct: There's no way to bulk-modify the status of alerts on that screen. Most users don't manage the alerts that way anymore, though. You may find it advantageous to choose the alerts that are really important to you and use the "Task Create" output action to manage them in Event Explorer's Incident Management interface. Additionally, if you still want to use the Alert History screen to manage your alerts, then you may want to consider turning on Alert Suppression. This will help prevent large quantities of the same alert from appearing in the list.