
Triaged alerts

This page contains a list of incidents that were received from GravityZone and, after being triaged by the SOC team, were deemed not to need further alerting.

These incidents are not available in any other list in the MDR console.


On this page, you also have several filtering options and the following additional information for each triaged alert:

  • Case number - the ID of the alert.

    Note

    Click any case number to display additional information about the event.

  • Detected on - timestamp of when the alert was initiated.

  • Category - the type of the alert.

    • Expected Activity

    • False Positive

    • Malicious Code

    • Poor Security Practice

    • Potentially Unwanted Program

    • Scans

    • Unauthorized System Access

    • Vulnerability Exploitation

  • Severity - the severity of the incident, as derived from the alert. The severity of an incident can have one of these values:

    • Low

    • Medium

    • High

    • No threat

    • Unknown

  • Detection - the name of the signature on which the alert is based.

  • Entity - the name of the endpoint involved (or org when multiple endpoints are involved). The triggering alert is not necessarily associated with a hostname only; it can also be associated with a network address or a username.

  • Company - the name of the company where the threat was detected.
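The columns above are also what a reviewer would want to validate when re-checking a batch of triaged alerts. The following is an added example, not Bitdefender's code or an export format the console provides: it assumes a hypothetical CSV export with one column per field listed above, checks that Category and Severity only contain the values documented on this page, and flags closed cases whose category and severity suggest a second look.

```python
"""Added example (not Bitdefender's code): sanity-check a batch of triaged-alert rows.
The CSV layout, column names and sample rows are assumptions; the Category and
Severity values are the ones documented for the Triaged alerts list."""
import csv
import io

CATEGORIES = {"Expected Activity", "False Positive", "Malicious Code",
              "Poor Security Practice", "Potentially Unwanted Program", "Scans",
              "Unauthorized System Access", "Vulnerability Exploitation"}
SEVERITIES = {"Low", "Medium", "High", "No threat", "Unknown"}
# Triaged alerts were closed without further alerting; these categories at High
# severity are worth a second look by the reviewer.
REVIEW_CATEGORIES = {"Malicious Code", "Unauthorized System Access",
                     "Vulnerability Exploitation"}

# Constructed sample export (hypothetical layout). Entity may be a hostname,
# a network address or a username, as the page notes.
SAMPLE_CSV = """Case number,Detected on,Category,Severity,Detection,Entity,Company
1001,2024-05-01T10:12:00Z,False Positive,Low,Generic.Heuristic,ws-01,Example Co
1002,2024-05-01T11:05:00Z,Malicious Code,High,Trojan.GenericKD,ws-02,Example Co
1003,2024-05-02T09:40:00Z,Scans,Unknown,PortScan.Detected,10.0.0.5,Example Co
1004,2024-05-02T12:00:00Z,Typo Category,High,Exploit.Generic,jdoe,Example Co
"""


def load_rows(text):
    """Parse the CSV text into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def check_rows(rows):
    """Return (invalid, review): case numbers whose Category or Severity is not a
    documented value, and case numbers closed despite a high-severity category."""
    invalid, review = [], []
    for row in rows:
        if row["Category"] not in CATEGORIES or row["Severity"] not in SEVERITIES:
            invalid.append(row["Case number"])
            continue
        if row["Category"] in REVIEW_CATEGORIES and row["Severity"] == "High":
            review.append(row["Case number"])
    return invalid, review


def summarize(rows):
    """Count triaged alerts per (Category, Severity) pair."""
    counts = {}
    for row in rows:
        key = (row["Category"], row["Severity"])
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    print(check_rows(rows), summarize(rows))
```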