Outline

Page structure
Alert levels
How to read alerts
How to resolve alerts

Alerts page structure

Alerts are created when triggers fire. Each alert has an associated alert level (0-5). The 'Alerts' page displays three kinds of alerts: 'Unresolved', 'Resolved', and 'Notices':

Alerts with levels 1-5 appear in the 'Unresolved' tab until one of your authorized teammates resolves them, at which point they move to the 'Resolved' tab.

Alert levels

These icons represent the various possible alert levels of alerts and notices:

The yellow circle represents a notice (alert level 0), and the other icons represent alerts with levels of 1-5 corresponding to the number of red bars.

Alerts with an alert level of 0 are 'notices' and don't require resolution.

How to read alerts

The following screenshot shows a group of 10 alerts created by the same trigger:

An alert group's threat level icon (level 3 in this example) always shows the highest alert level for any alert in the group. Click a group to expand it and view each alert:

To investigate an alert, click it to expand the terminal and view the data recorded from the relevant session. In this example, the trigger fired on session connect:

Hover over blue text in the alert to view additional information, such as details about the session user or the IP address:

How to resolve alerts

Once alerts have received the required attention, resolve them (either individually or as a group) by clicking 'Resolve' and entering a note that explains the resolution:

The alert(s) will now appear under 'Resolved', together with the note:
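To make the tab and group-level rules from the 'How to read alerts' and 'How to resolve alerts' sections concrete, here is a small added model of that logic in Python. It is not the product's own code; the trigger names and alert IDs are constructed, and a required resolution note is assumed from the workflow described above.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed model of the alert semantics described on this page (not the
# product's own code): level 0 is a notice, levels 1-5 are alerts that stay
# in 'Unresolved' until a teammate resolves them with a note.
NOTICE_LEVEL = 0
MAX_LEVEL = 5


@dataclass
class Alert:
    alert_id: str
    trigger: str                          # trigger that created the alert (assumed field)
    level: int                            # 0-5
    resolution_note: Optional[str] = None  # set when a teammate resolves the alert

    def __post_init__(self) -> None:
        if not NOTICE_LEVEL <= self.level <= MAX_LEVEL:
            raise ValueError(f"alert level must be 0-5, got {self.level}")


def tab_for(alert: Alert) -> str:
    """Return which tab of the Alerts page the alert belongs in."""
    if alert.level == NOTICE_LEVEL:
        return "Notices"  # notices never require resolution
    return "Resolved" if alert.resolution_note else "Unresolved"


def group_by_trigger(alerts: List[Alert]) -> Dict[str, Tuple[int, List[Alert]]]:
    """Group alerts by trigger; a group's icon shows the highest level present."""
    groups: Dict[str, List[Alert]] = defaultdict(list)
    for a in alerts:
        groups[a.trigger].append(a)
    return {t: (max(a.level for a in g), g) for t, g in groups.items()}


def resolve(alerts: List[Alert], note: str) -> None:
    """Resolve one or more alerts with an explanatory note (must be non-empty)."""
    if not note.strip():
        raise ValueError("a resolution note is required")
    for a in alerts:
        if a.level == NOTICE_LEVEL:
            raise ValueError(f"{a.alert_id} is a notice and cannot be resolved")
        a.resolution_note = note
```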


Next:

Learn about how to create alerts by reading the Triggers overview.