Alerts / incidents auto close
Updated: 23 May 2010 | 1 comment
Hello,
Is there a way to automatically close incidents? I ask because it appears our SSIM system is flooded with open incidents - it would be nice if incidents that were not handled by 'x' date became automatically closed. If this is not possible, is there a way to create alerts that are closed by default? That way you are alerted via e-mail that the rule has fired off, but it does not require you to manage alerts by closing them.
Thanks!
Dean
Comments
Well...
Well, the whole point of a SSIM is to create incidents that require some level of analysis to determine the risk it applies to the organization. Your best bet may be to just use alerts as you identified above. I'm sure you can script something out, even in a cronjob, but I'm not sure of the precise process to do this, or if it would be in the security groups' best interest to do this.