Alert details
Use the Alert details panel to view details about a specific alert.
When you click on an alert from the alerts panel, the Alert details panel displays with additional information about the alert which may include information like the policy rule, and/or IoB triggered by the selected user activity and details about the activity, along with the monitored channel and specific action taken. The top toolbar of the Alert details, includes the date and time, device, domain, operating system, and IP address of the selected activity.
- 1
- Severity: Indicates the impact of the user actions to the organization.
- 2
- Endpoint details: Displays the endpoint details if relevant such as: the agent version installed, policy version, IP address etc.
- 3
- Matched rule: Displays the matched policies and rules.
- 4
- Forensics: Displays additional information – metadata and the forensic artifacts (if applicable) captured as part of the Alert.
- 5
- Clicking
icon gives following options:
If you select the Copy Alert ID option, it copies the alert ID to clipboard.
if you select the Print as PDF option, it exports the complete alert details to a PDF.
For users logged in as analyst, the Details field will be anonymized.