Hello! We believe there would be a use case to only re-open actionable alerts once they are marked closed-completed if there is a host involved ONLY if the new host found is on the original list.
For example, for a stale computers active directory ticket, it generates a comment upon opening of the list of John-1, Sam-2, Sam-PC, Sally-4, and June-6.
The ticket has been open 9 days. On the date that Frank works the ticket, the computer Jane-6 goes stale, and the inspector has not yet ran.
Frank works the ticket, deleting John-1, Sam-2, Sam-PC, Sally-4, and June-6. Upon marking the ticket closed-complete, the agent runs and detects Ryan-6 is now stale, and re-opens the ticket, saying the ticket conditions have not been met, even though Frank has successfully addressed all the hosts listed in the ticket.
What has been explained to me is if the alert has been open in the last 7 days, the agent checks ticket name + client instead of ticket name + client + hosts ticket was for.
Our request is that if the ticket is in closed-complete status, the agent would open a new ticket if the host it is for was not listed on the old ticket.
That way, Frank is responsible for the ticket as it was on the day it was worked, rather than being responsible for it (potentially) perpetually.