UEBA: Filter Alerts

Document created by RSA Information Design and Development Employee on Sep 14, 2020
Version 1Show Document
  • View in full screen mode

You can filter alerts displayed in the Alerts tab by severity, feedback, entity, indicators, and date range.

  1. Go to Users > Alerts.
    The Alerts tab is displayed.
    Users view, Alerts tab
  2. To filter by severity, click the down arrow under Severity in the Alerts Filters panel, and select any one option. The options are Critical, High, Medium, and Low.
  3. To filter by feedback, click the down arrow under Feedback, and select any one option. The options are None, and Rejected.
  4. To filter by entity, click the down arrow under Entity Type, and select any one option. The options are All Entities, Users, JA3, and SSL.
  5. To filter by date range,
    • Click the down arrow under Date Range and select any one option. The Options are Last 7 Days, Last 2 Weeks, Last 1 Month, and Last 3 Months.
    • Select Custom Date  under Date Range. In the Start Date, select the start range date range, and in the End Date select the end range date that you want the investigate.

The alerts are displayed in the right panel according to the filter you selected. To reset filters, in the bottom of left panel, click Reset.

Previous Topic:Investigate Top Alerts
You are here
Table of Contents > Investigate Top Alerts > Filter Alerts

Attachments

    Outcomes