Group by arbitrary meta in Incident Management

Question asked by Craig Cameron-Weir on Jan 30, 2018
Latest reply on Feb 22, 2018 by Craig Cameron-Weir

I have a custom parser that generates some custom metadata, and an ESA rule that triggers based on events from the custom parser. What I want is to be able to group alerts into incidents in Incident Management by the custom meta. Is this possible, and if so, how do I do it?