Reporting: Investigate an Alert

Document created by RSA Information Design and Development on Nov 23, 2016Last modified by RSA Information Design and Development on Feb 10, 2017
Version 5Show Document
  • View in full screen mode
  

This topic provides instructions on how to investigate an alert. You can investigate every alert that is triggered and the investigation details are displayed in the Investigation module for that particular alert.

Prerequisites

Make sure you have understood the components of View Alerts panel. For more information, see View Alerts Panel.

Procedure

Procedure

Perform the following steps to investigate an alert:

  1. In the Security Analytics menu, select Reports.
    The Manage tab is displayed.
  2. Click Alerts.
    The Alert view is displayed.
  3. In the Alert toolbar, click View Alerts.
    The View Alerts view tab is displayed.
    view_alerts_investigate.png
  4. Do one of the following:
    • Click the investigation_icon.png button against the alert you want to investigate. 
      The Investigation module displays the details of the first session that registered the match for the given alert  for immediate analysis.
    • Click on the alert name of the alert you want to investigate.
      The Investigation module displays all matches for that particular alert for the hour surrounding the registered alert.
Previous Topic:View Alerts Schedule
You are here
Table of Contents > Working with Alerts in the Reporting Module > Investigate an Alert

Attachments

    Outcomes