  1. OpenShift Request For Enhancement
  2. RFE-5937

Add an alertid in RHACS violations


    • Feature Request
    • Resolution: Done
    • rhacs-4.3.0
    • Integration, RHACS

      Problem description:

      The customer has integrated RHACS with Sentinel and followed the documentation link [1]. The customer has created a Generic webhook (which has a Sentinel API endpoint) and enabled policy notifications to go to the configured webhook.

      Their cyber security team wants to analyze/filter alerts based on alert ID and wants to correlate the alert transferred to Sentinel to check whether it is the same as in RHACS or not.

      It seems that the alert ID is not reported in RHACS violations. Since the alert ID is not generated in RHACS, it is not propagated to Sentinel.

      It would be great to have an option to check the alert ID in the RHACS UI or through a command that retrieves it from the backend.

      [1] https://docs.openshift.com/acs/4.3/integration/integrate-using-generic-webhooks.html

            dcaspin@redhat.com Doron Caspin
            sasakshi@redhat.com Sakshi sakshi
            Anjali Telang, Boaz Michaely, Doron Caspin, JP Jung, Maria Simon Marcos, Shubha Badve