UEBA: Filter Alerts

Document created by RSA Information Design and Development Employee on Sep 11, 2018. Last modified by RSA Information Design and Development Employee on Feb 9, 2020.
Version 17

You can filter the alerts displayed in the Alerts tab by severity, feedback, entity, indicators, and date range.

  1. Log in to NetWitness Platform and go to INVESTIGATE > ENTITIES > Alerts.
    The Alerts tab is displayed.
    [Figure: Users view, Alerts tab]
  2. To filter by severity, click the down arrow under SEVERITY in the Alerts Filters panel and select any one option. The options are Critical, High, Medium, and Low.
  3. To filter by feedback, click the down arrow under FEEDBACK and select any one option. The options are None and Rejected.
  4. To filter by entity, click the down arrow under ENTITY TYPE and select any one option. The options are All Entities, USERS, JA3, and SSL.
  5. To filter by date range, do one of the following:
    • Click the down arrow under DATE RANGE and select any one option. The options are Last 7 Days, Last 2 Weeks, Last 1 Month, and Last 3 Months.
    • Select CUSTOM DATE under DATE RANGE. In Start Date, select the start date, and in End Date, select the end date of the range that you want to investigate.

The alerts are displayed in the right pane according to the filter you selected. To reset the filters, click Reset at the bottom of the left pane.
