How does the grouping of alerts happen if I am using ArcSight SIEM?

I know the grouping is based on the entities and the time frame. To be more precise, which time will it consider for the grouping? Is it the base event (start time/end time) or the alert ingestion time into Siemplify (like triage time)? Kindly confirm.

Best Answer

  • ShakedTal, Community Team
    Accepted Answer

    Hi @sankarakumar R, the grouping of alerts takes the time the alert was ingested into the Siemplify platform. Please let me know if you have any additional questions.
