Reporting: Investigate an Alert

Document created by RSA Information Design and Development Employee on Jun 26, 2017
Version 1Show Document
  • View in full screen mode

This topic provides instructions on how to investigate an alert. You can investigate every alert that is triggered and the investigation details are displayed in the Investigation module for that particular alert.


Make sure you have understood the components of View Alerts panel. For more information, see View Alerts Panel.


Perform the following steps to investigate an alert:

  1. In the Security Analytics menu, click Administration Reports.
    The Manage tab is displayed.
  2. Click Alerts.
    The Alert view is displayed.
  3. In the Alert toolbar, click View Alerts.
    The View Alerts view tab is displayed.
  4. Do one of the following:
    • Click the investigation_icon.png button against the alert you want to investigate. 
      The Investigation module displays the details of the first session that registered the match for the given alert  for immediate analysis.
    • Click on the alert name of the alert you want to investigate.
      The Investigation module displays all matches for that particular alert for the hour surrounding the registered alert.
Previous Topic:View Alerts Schedule
You are here
Table of Contents > Working with Alerts in the Reporting Module > Investigating an Alert