At some point in the future we may think about converging them because
functions like defining threat rules and setting up profiles may overlap the
SOC and ops personnel. But as you said, the initial intent was that the two
UIs target two different user personas.
02.10.2017, 11:35, "Nick
I think the main reason historically is that each UI has different use
cases and user roles. The Management UI will mainly be used by an Security
Platform Engineer, while the Alerts UI will be used by a SOC Analyst,
Investigator or Manager.
That being said, I am not against a single, unified UI,
As the subject says, is there a specific reason to have the Management &
Alerts UI separate?
Having another option under "Operations" called "Alerts" in the
Management UI seems to make more sense to me... If it's because they are
called Management UI and Alerts UI, maybe we should make it