About Alerts
Alerts serve as the initial indicators of potential security incidents. They are generated by third-party security systems or through custom detection workflows. By providing early warning signals, alerts play a crucial role in case management, helping teams identify, investigate, and respond to threats swiftly and effectively.
Creating a New Alert
Open the Case and Add a New Record
To attach an Alert to a Case, first double-click on the desired Case. In the overview section of the selected Case, go to the “Alerts” tab. Then, click the “New Record” button in the top-right corner.
Open the New Record Form
Fill in all the necessary fields
| Parameter | Description |
|---|---|
| Name | The name assigned to the alert. |
| Event | The event associated with the alert. |
| Severity | The severity rank of your Case. It can be: Low, Medium, High or Critical |
| Vendor | The Vendor associated with the alert. |
| Alert Type | The alert category type. |
| Description | A brief explanation explaining the alert. |
| Processed | A checkbox to mark the alert as processed; check to mark as processed, uncheck to mark as unprocessed. |
| Template Exists | Indicates whether the alert has been ingested into the system. |
| Linked Cases | The Name and ID of the Case(s) you want to link to this current alert. |
| Linked Observables | The Name and ID of the Observable(s) you want to link to this current alert. |
| Linked Attachments | The Name and ID of the Attachment(s) you want to link to this current alert. |
| Linked Tasks | The Name and ID of the Task(s) you want to link to this current alert. |
Save the Alert
Once completed, select the Add Record button in the bottom-right corner.
Editing an Alert
NOTE
Please note that you can Edit Alert(s) directly within the alerts tab of a case overview. Simply double-click on the table row to make any necessary changes. Once you have completed your edits, click anywhere on the screen to save the changes.
Select an Alert to Edit
Select the Alert you would like to edit and click on it.
The'Edit Record' Form will appear
Update Alert Details
Make any necessary changes you would like to the Alert fields and then click Save in the bottom-right corner.
View Updated Alert
The newly made changes will reflect in the selected Alerts
Deleting an Alert
Choose Alert to Delete
Navigate to the Alert you want to delete and select the three dots icon .
Delete Alert
The delete option will appear. Click Delete, and the selected Alert will be removed from your existing Alerts.
About Alerts
Alerts serve as the initial indicators of potential security incidents. They are generated by third-party security systems or through custom detection workflows. By providing early warning signals, alerts play a crucial role in case management, helping teams identify, investigate, and respond to threats swiftly and effectively.
Creating a New Alert
Open the Case and Add a New Record
To attach an Alert to a Case, first double-click on the desired Case. In the overview section of the selected Case, go to the “Alerts” tab. Then, click the “New Record” button in the top-right corner.
Open the New Record Form
Fill in all the necessary fields
| Parameter | Description |
|---|---|
| Name | The name assigned to the alert. |
| Event | The event associated with the alert. |
| Severity | The severity rank of your Case. It can be: Low, Medium, High or Critical |
| Vendor | The Vendor associated with the alert. |
| Alert Type | The alert category type. |
| Description | A brief explanation explaining the alert. |
| Processed | A checkbox to mark the alert as processed; check to mark as processed, uncheck to mark as unprocessed. |
| Template Exists | Indicates whether the alert has been ingested into the system. |
| Linked Cases | The Name and ID of the Case(s) you want to link to this current alert. |
| Linked Observables | The Name and ID of the Observable(s) you want to link to this current alert. |
| Linked Attachments | The Name and ID of the Attachment(s) you want to link to this current alert. |
| Linked Tasks | The Name and ID of the Task(s) you want to link to this current alert. |
Save the Alert
Once completed, select the Add Record button in the bottom-right corner.
Editing an Alert
NOTE
Please note that you can Edit Alert(s) directly within the alerts tab of a case overview. Simply double-click on the table row to make any necessary changes. Once you have completed your edits, click anywhere on the screen to save the changes.
Select an Alert to Edit
Select the Alert you would like to edit and click on it.
The'Edit Record' Form will appear
Update Alert Details
Make any necessary changes you would like to the Alert fields and then click Save in the bottom-right corner.
View Updated Alert
The newly made changes will reflect in the selected Alerts
Deleting an Alert
Choose Alert to Delete
Navigate to the Alert you want to delete and select the three dots icon .
Delete Alert
The delete option will appear. Click Delete, and the selected Alert will be removed from your existing Alerts.