The Alerts tab displays details about all the alerts in your environment. You can view forensic information about suspicious activity in your environment that is based on a specific timeframe.
What do you want to do?
*You can complete the tasks here.
To access this view:
Go to INVESTIGATE > Users.
The Overview tab is displayed.
The Alerts tab consists of the following panels:
Use the filters panel to refine your investigation of alerts. The filters are automatically applied as you make your selections. You can clear all currently set filters by clicking Clear.
The following table describes the filters types.
The Alerts panel displays the following information for each alert:
- Severity Icon: An icon next to the alert name that indicates the severity level of the alert
- Alert Name: The name of the alert and the alert timeframe
- Entity Name: The name of the entity (user account) that generated the alert
- Start Time: The date and time when this alert was first detected
- # Indicators: The number of unique behavior anomalies (indicators) associated with the alert
- Status: Indicates if the alert has been marked as Unreviewed or Not A Risk
- Feedback: Indicates if a feedback value has been assigned for the alert
At the beginning of each alert line is an icon that expands the alert to display additional details. Once expanded, the following fields are displayed:
- Indicator Name – The name of each unique indicator that is associated with the alert
- Anomaly Value – The indicator’s value, representing the deviation amount or value as it differs from the user’s normal behavior
- Data Source – The type of data where the indicator was found
- Start Time – The date and time when this indicator was first detected
- # Events – The number of events in the indicator
The data that is currently displayed in the central pane can be exported to a .csv file by clicking Export at the top right of the pane.