The Alert View screen displays alerts triggered by detection models and allows you to further investigate each alert.
You can investigate alerts through an in-depth root cause and impact analysis, which helps you understand the extent and severity of each alert and determine what actions to take in response.
The following table outlines the actions available on the Alert View screen.
Action | Description |
---|---|
Filter alert data | Use the search text box and the following drop-down lists to filter alert data: |
View and sort alerts | View the table to check all the alerts. Click column headings to sort alerts. For example, click Score to prioritize the alerts for further investigation. |
Change the view | Select an option from the View drop-down list: |
Change the alert status | Select one or more alerts and click Change Status to update the progress of alerts or investigations. For more information, see Alert View Data. Note: If you select Closed - false positive, you need to specify why you think this alert was false. |
Assign owner | Select one or more alerts and click Assign Owner to assign accounts within your organization to the alerts. For more information, see Assigning Alerts. |
Link alerts to an incident | After performing an alert investigation, select one or more alerts and click Link to Incident or Link to Another Incident to associate the selected alerts with the specified incident. Note: |
Unlink alerts from an incident | After performing an alert investigation, select one or more alerts and click Unlink from Incident. Note: If an alert is manually linked to an incident or unlinked from an incident, Trend Vision One does not correlate the alert if a new alert is received. |
View alert details | Click the Workbench ID link to view the summary, highlights and observable graph of the triggered alert. For more information, see Alert Details. |