Responder Operation: MarkAlertAsIgnored

[crackytsi]

Request Type

Feature Request

Work Environment

Question	Answer
OS version (server)	Debian
OS version (client)	Seven
TheHive version / git hash	3.3.0-1
Package Type	RPM, DEB, Docker, Binary, From source
Browser type & version	Chrome

Problem Description

I want to mark an Alert as ignored from a responder action.
This is currently not possible.

Maybe it would be more generic to have a function "MarkAlert" and handover Parameters (like AddTagToAlert): Read, Ignored, Updated

[crackytsi]

@nadouani Can we have this "DeleteAlert" Responder Operation in the next release?

[nadouani]

@nadouani Can we have this "DeleteAlert" Responder Operation in the next release?

Is this part of the initial FR? I'm confused :)

[nadouani]

I'll check with @To-om :)

[crackytsi]

Thanks. With Responder you can Add a tag to an alert and other things but unforunately you can't just delete it (Status=Ignored)

[To-om]

@crackytsi, You can use the operation MarkAlertAsRead
Closing this one as duplicate #729

[crackytsi]

@To-om i think Alert as read ist Different to Alert ist deleted

[crackytsi]

New, Updated, Ignored, (Imported)
We cover only NEW and updated for my opinion.

[To-om]

If alert is imported (a case has been created from it), markAsRead set the status to "Imported". Otherwise (there is no case) markAsRead set the status to "Ignored".

[crackytsi]

@To-om Sorry for makeing you so much work. Of course you are right, my problem seems to be related to the way the responder-operations are handled (set status=Ignored and before add a tag)
#997