Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Alert Actions

            Modified on Wed, 18 Sep, 2024 at 12:01 AM

            This article outlines actions that can be taken against alerts in the Alert Dashboard. Select the action for a step by step guide:

            • Assign Alert(s) to an Investigation
            • Dismiss alert(s)

             

            Assign Alert(s) to an Investigation

            You may need to triage and analyze alerts further, you can complete this through the Alerts widget and open an investigation. For an overview of investigations refer to Investigations Overview or for actions refer to Investigations.


            Dismiss alert(s)

            In review of alerts, you may determine that an alert can be dismissed - this could be for a multitude of reasons ranging from identifying a false positive, an alert based on a vulnerability which is not applicable to your environment through to an alert based on a download being blocked which does not require investigation. 

            Samurai XDR helps you prioritize alert triage by displaying the identified Severity and Confidence. For more information refer to Alert Management Dashboard.

             

            Alert Management Dashboard:

            1. Within the Alerts Widget right click on the alert and select Dismiss Alert. 

            dismiss_alert_alerts_widget_new.png

            Figure 1: Dismiss alert in alerts widget

             

            You can also dismiss multiple alerts by highlighting each alert (a count will be displayed) and right click and select Dismiss Alert


            dismiss_multiple_alert_new.png

            Figure 2: Dismiss multiple alerts

             

            mceclip0.png Alternatively, you can select moreoptions.PNG (more options) and click Dismiss Alert(s)

             

            Filters

            Columns

            Filters allow you to select specific events of interest. 

            You can add multiple filters in a single view. The filter can be applied across all columns except "Timestamp"

            In the example below, select the column "Severity", then severity type. Once selected, only the selected type will be shown across all events in the time period.

            After selection, you will see only Severity of Critical shown. Clicking on the column again will allow you to reset the filter, or move to another column and select another filter.

             

             

             Selecting another column. Select another column, then in this example, IP Address. 

             

            Selecting an IP Address to add the filter. The view now shows two columns with filters.


             Selections

            You can also filter by selecting specific events by clicking the checkbox. You can select multiples. From this action you can:

            Select the filter "Selected" button to only show those events selected

            Right-click and perform other actions:

            • Copy
            • View Details
            • Assign to Investigation
            • Dismiss Alerts

             

            Preview
            0 of 0