Alerts Tab

The Alerts tab displays the list of alerts associated with an incident.

The Relationship column displays the reason an alert is associated with an incident.

For more information on other alert data description, see Alert View Data.

The following table outlines the actions you can perform on the associated alerts on the Alerts tab.

Table 1.

Action

Description

Change the alert status

Select one or more alerts and click Change Status to update the progress of alerts or investigations.

For more information, see Alert View Data.

Note:

If you select Closed - false positive, you need to specify why you think this alert was false.

Link alerts to an incident

After performing an alert investigation, select one or more alerts and click Link to Incident or Link to Another Incident to associate the selected alerts with the specified incident.

Note:
  • If an alert is manually linked to an incident or unlinked from an incident, Trend Micro Vision One does not correlate the alert if a new alert is received.

  • An alert can only be associated with one incident.

Unlink alerts from an incident

After performing an alert investigation, select one or more alerts and click Unlink from Incident.

Note:

If an alert is manually linked to an incident or unlinked from an incident, Trend Micro Vision One does not correlate the alert if a new alert is received.