Re: Having more than one use case on a Metron instance

2020-02-19 Thread Simon Elliston Ball
Not at present, no, but you can just open multiple instances. Saved
searches are also per user, so that might provide a workaround.

Simon

On Wed, 19 Feb 2020 at 16:23, Euan Hope wrote:

> Thanks so much for the quick feedback. I will put this forward to the
> client.
>
> To gain a sense of what is possible, is there possibly a way to configure
> more tabs in the Alerts UI (for example, there is the PCAP tab available in
> our UI)?
>
> Or possibly as another alternative, is it possible to configure different
> Alerts UIs for different users, say for example that user A can only access
> Alerts UI A, user B can only access Alerts UI B?
>
> Thanks again for your input, it is very much appreciated.
>
> On Wed, Feb 19, 2020 at 5:59 PM Simon Elliston Ball <
> si...@simonellistonball.com> wrote:
>
>> I would suggest using saved searches, which also remember the selected
>> columns.
>>
>> Simon
>>
>> On Wed, 19 Feb 2020 at 15:51, Euan Hope wrote:
>>
>>> Hi again Metron community.
>>>
>>> Sorry to post another question in such quick succession.
>>>
>>> Our client has asked us to implement another use case on the Metron
>>> instance we have set up for them. This new use case uses similar data to
>>> the original use case but the threat triage rules for scoring the records
>>> are very different.
>>>
>>> The request was to have another tab in the Alerts UI so that the
>>> different SOC analysts could use different screens for the different use
>>> cases.
>>>
>>> Is there any way to configure this? And if not, does anyone in the
>>> community have suggestions on how to approach this?
>>>
>>> Thanks in advance for the help.
>>>
>> --
>> --
>> simon elliston ball
>> @sireb
>>
> --
--
simon elliston ball
@sireb


Re: Having more than one use case on a Metron instance

2020-02-19 Thread Euan Hope
Thanks so much for the quick feedback. I will put this forward to the
client.

To gain a sense of what is possible, is there possibly a way to configure
more tabs in the Alerts UI (for example, there is the PCAP tab available in
our UI)?

Or possibly as another alternative, is it possible to configure different
Alerts UIs for different users, say for example that user A can only access
Alerts UI A, user B can only access Alerts UI B?

Thanks again for your input, it is very much appreciated.

On Wed, Feb 19, 2020 at 5:59 PM Simon Elliston Ball <
si...@simonellistonball.com> wrote:

> I would suggest using saved searches, which also remember the selected
> columns.
>
> Simon
>
> On Wed, 19 Feb 2020 at 15:51, Euan Hope wrote:
>
>> Hi again Metron community.
>>
>> Sorry to post another question in such quick succession.
>>
>> Our client has asked us to implement another use case on the Metron
>> instance we have set up for them. This new use case uses similar data to
>> the original use case but the threat triage rules for scoring the records
>> are very different.
>>
>> The request was to have another tab in the Alerts UI so that the
>> different SOC analysts could use different screens for the different use
>> cases.
>>
>> Is there any way to configure this? And if not, does anyone in the
>> community have suggestions on how to approach this?
>>
>> Thanks in advance for the help.
>>
> --
> --
> simon elliston ball
> @sireb
>


Re: Having more than one use case on a Metron instance

2020-02-19 Thread Simon Elliston Ball
I would suggest using saved searches, which also remember the selected
columns.

Simon

On Wed, 19 Feb 2020 at 15:51, Euan Hope wrote:

> Hi again Metron community.
>
> Sorry to post another question in such quick succession.
>
> Our client has asked us to implement another use case on the Metron
> instance we have set up for them. This new use case uses similar data to
> the original use case but the threat triage rules for scoring the records
> are very different.
>
> The request was to have another tab in the Alerts UI so that the different
> SOC analysts could use different screens for the different use cases.
>
> Is there any way to configure this? And if not, does anyone in the
> community have suggestions on how to approach this?
>
> Thanks in advance for the help.
>
-- 
--
simon elliston ball
@sireb