Skip to main content

Alert Actions

  • Updated

This article outlines actions that can be taken against alerts in the Alert Dashboard. Select the action for a step by step guide:

 

Assign Alert(s) to an Investigation

You may need to triage and analyze alerts further, you can complete this through the Alerts widget and open an investigation. For an overview of investigations refer to Investigations Overview or for actions refer to Investigations.

 

Dismiss / undismiss alert(s)

In review of alerts, you may determine that an alert can be dismissed - this could be for a multitude of reasons ranging from identifying a false positive, an alert based on a vulnerability which is not applicable to your environment through to an alert based on a download being blocked which does not require investigation. Conversely, you can undismiss an alert if you find it is of value and requires further investigation.

Samurai XDR helps you prioritize alert triage by displaying the identified Severity and Confidence. For more information refer to Alert Management Dashboard.

You can dismiss or undismiss an alert from various areas in the Samurai XDR application:

 

Alert Management Dashboard:

  1. Within the Alerts Widget right click on the alert and select Dismiss Alert. 

dismiss_alert.PNG

Figure 1: Dismiss alert in alerts widget

 

You can also dismiss multiple alerts by highlighting each alert (a count will be displayed) and right click and select Dismiss Alert

dismiss_multiple_alerts.PNG

Figure 2: Dismiss multiple alerts

 

mceclip0.png Alternatively you can select  moreoptions.PNG (more options) and click Dismiss Alert(s)

 

By dismissing an alert(s) the alert State will be updated to Dismissed. When hovering over the alert state the user who performed this action is displayed with a timestamp. 

 

Any dismissed alerts can also be undismissed using the same methodology, but instead selecting Undismiss Alert

undissmiss_alert.PNG

Figure 3: Undismiss alerts 

 

Dismiss alert(s) associated with an Investigation

As you investigate alerts as part of an Investigation you may determine that it is not required within that Investigation therefore wish to dismiss the alert.

  1. Click Investigations from the main menu
  2. Find and click on the name of the Investigation
  3. Select the appropriate assigned Alert(s) and right click and select Dismiss Alert(s)

Alternatively you can navigate to the Investigation directly from the Alert Details panel of the alert.

undismiss_alert_investigation.PNG

Figure 4: dismiss alert assigned to investigation

 

mceclip0.png Any alerts assigned to an Investigation and that are dismissed, remove the alert from the Investigation. You will find the Dismissed Alert within the Alert Widget. Follow the steps to undissmiss an alert in the previous section.

 

mceclip0.png Dismissed alerts can be assigned to an Investigation.

 

 

 

 

 

 

 

 

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Comments

0 comments

Article is closed for comments.