Alert details

Use the Alert details panel to view details about a specific alert.

When you click on an alert from the alerts panel, the Alert details panel displays with additional information about the alert. Depending on the type of alert and whether it originated from Neo or Forcepoint DLP, the additional information may include the Forcepoint DLP incident, policy rule, or IoB triggered by the selected user activity and details about the activity, along with the monitored channel and specific action. More information displays in the top toolbar of the Alert details, including the date and time, device, domain, operating system, and IP address of the selected activity.

1

Severity: Indicates the impact of the user actions.

2

Matched rule: Displays the matched rule.

3

Details: Displays the details on the user activity.

4

Forensics: Displays the event logs.

5

Endpoint time zone: Displays the alert reporting time which is the timezone on the endpoint.

Edit the IoB for specific alerts using the icon. For more details, refer the section Edit IoB.

For users logged in as analyst, the Details field will be anonymized.

Export PDF reports for specific alerts using the icon. For more details, refer the section Export data from Forcepoint Neo portal.