Hi All,
We're using Alert Manager as a solution to produce Incidents, just like the Incident review dashboard in the Enterprise Security Suite. We have followed all the instructions given in the document, yet are not able to display incidents in the Posture.
1. We installed the app and the add-on on the search head
2. Created an index called alerts
3. Set the alerts in the Alert Manager app. Assigned the default roles created by the app to the users using it.
4. Changed the permissions of all the alerts and macros, even the Posture dashboard, to Global.
We're getting the data in the dashboard metrics, as visible in the screenshot. But the incidents are still not displaying. Can anyone help us in setting this? Also, do we really need to install the add-on on each of our Indexers as well? Will that solve the problem?
![alt text][1]
[1]: /storage/temp/274616-am.png
Thanks in advance