View User Alert Summaries

Document created by RSA Information Design and Development on Sep 11, 2018
Version 1

To help you investigate incidents and alerts for a specific user, you can view a summary of that user's alerts.

To view summaries of the top alerts in your environment:

  1. Log in to NetWitness Platform and click Investigate > Users. The Overview tab is displayed.
  2. In the center pane, the top alerts are displayed with the following information:
    • Alert names
    • User names
    • Severity level icons
    • Number of indicators
    • Start date for each alert
    • Timeframe for each alert (hourly, daily, and so on)

To view summaries of alerts for users:

  1. In the Overview tab, in the left pane under High Risk Users, select a user.
  2. In the left pane under User Risk Score, select an alert. The following information is displayed:
    • The alert name
    • The timeframe of the alert (Hourly or Daily)
    • The severity level icon
    • The contribution to the user score value (for example, +20)
    • The data sources for the alert (for example, Logon)
  3. The middle frame of the Alert Overview pane is called the Alert Flow. This view provides a timeline of the events that are related to the formation of the alert. The timeline can help you determine whether the alert represents an actual risk.

For more information, see Investigate High Risk User.
