cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
r_gine
r_gine
Level 9
Report Inappropriate Content
Message 1 of 3
‎06-12-2019 07:19 AM

How to use 'Alarms' Dashboard

We're trying to figure out the best way to use the Alarms dashboard. We're unable to figure out how to use the 'Alarms' in a way that allows us apply basic SOC workflow functions. 

  1.  Alarm triggers
  2. Analysts acknowledges alarm
  3. Analyst begins triage
  4. Analyst decides to dismiss alarm (FP, etc) or decides to escalate (create case)

We know we can create a case easily from here, but what we cannot figure out is how/where the analyst is supposed to manage and disposition the alarm. I don't see any place to disposition or dismiss the alarm. Or to add any type of notes to the alarm. I also dont see a way to associate or collapse multiple alarms into one. 

I don't think it's realistic to move all alarms into a case management system. Is there something that I'm missing here?

 

Labels (3)
0 Kudos
Reply
2 Replies
David1111
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 2 of 3
‎06-12-2019 10:17 AM

Re: How to use 'Alarms' Dashboard

no, your not missing nothing.

theirs' no option of leaving notes etc. on the Alarms...

i posted a idea for that in the McAfee Ideas Site, but they just closed it...

sadly, no option.

 

Best Regards👍👍👍

David.

0 Kudos
Reply
brenta
Reliable Contributor brenta
Reliable Contributor
Report Inappropriate Content
Message 3 of 3
‎06-12-2019 11:29 AM

Re: How to use 'Alarms' Dashboard

The case management inside the SIEM is pretty terrible, it was clearly added as an after though. 

Most alarms that I make are basically just "auto-acknowledged" and tied to some event, such as emailing, adding things to watchlists, etc...

You might want to try to do an integration to a ticketing system to really track things a little better.

Brent
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC