Change Alert Analysis View
    • 12 Jul 2024


    Article summary

    You can view your alerts environment by clicking specific tabs for an alert or endpoint.

    Alert tab

    The default view for your environment is Alert. This view shows all of your alerts and can be organized by category. You can also view your provider data, including the Classification and Severity that your third-party source assigns to each alert.

    Alert Timeline

    In the Alert view, you can access an in-depth view of a specific alert.

    1. Click an alert to display the Alert Timeline.

    2. In the Alert Timeline, you can review:

      • The alert summary and severity

      • The native identifier

      • JSON data

      • Analysis context

      • Correlation information

      • Details about the investigation

      • The endpoint, user, and other system activities that are correlated to the alert

    3. When you are finished reviewing the alert, you can review the next alert listed below it, or close the Alert Timeline tab to return to the original Alert view.

    Provider Details

    The Provider section in the Alert tab details the classification, severity, and source of an alert from your third-party security product.

    • Classification—The classification of the alert as designated by the provider.


    • Severity—The severity assigned to an alert by the provider.


    • Source—The provider source of the alert. Click a source to go to the Alert Sources landing page, where you can make changes to that alert source.

    Endpoint tab

    The Endpoint tab displays the number of alerts within your search criteria broken down by associated endpoints.


    Category Highlights

    • Endpoints—Click an endpoint to go to the Endpoints landing page, where you can review the details of that endpoint.
    • Alerts—Click this number to return to the Alert view with this endpoint added to the search criteria. From there you can review every alert associated with that endpoint and open its Alert Timeline.
    • Status—Click any of these numbers to return to the Alert view with this endpoint and a specific status (New, Investigating, Analysis Complete, Resolved) added to the search criteria. From there you can review every alert associated with that endpoint and status and open its Alert Timeline.