Reporting: Investigate an Alert

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1
 

This topic provides instructions on how to investigate an alert. You can investigate any alert that is triggered; the investigation details for that alert are displayed in the Investigation module.

Prerequisites

Make sure you understand the components of the View Alerts panel. For more information, see View Alerts Panel.

Perform the following steps to investigate an alert:

  1. In the Security Analytics menu, click Dashboard > Reports.
    The Manage tab is displayed.
  2. Click Alerts.
    The Alert view is displayed.
  3. In the Alert toolbar, click View Alerts.
    The View Alerts view tab is displayed.
  4. Do one of the following:
    • Click the investigation icon button next to the alert you want to investigate.
      The Investigation module displays the details of the first session that registered the match for the given alert, for immediate analysis.
    • Click the name of the alert you want to investigate.
      The Investigation module displays all matches for that particular alert for the hour surrounding the registered alert.