FAQs

Q. How do I see incidents that need reviewing?

When you first go to the Incidents page, it shows a list of all incidents visible to you that haven’t yet been reviewed. You can use filters to view only certain incidents. For more information, see Managing Incidents.

Q. How do I make a decision on an incident or alert?

The Incidents page allows you to review information on an incident and then review alerts as 'risk' or 'no-risk', discount alerts, or put the incident aside to work on later. For more information, see Managing Incidents.

Q. How do I see more information on an incident or alert?

The Incident Review page contains detailed information on:

  • The event that triggered an alert

  • The entity that the event happened to

  • Related user activity, including how previous alerts for the same entity were reviewed

  • Notes and comments from analysts who reviewed previous alerts

For more information, see Incident Review Page.

Q. How do I search for a particular entity or event?

The search box in the UI header allows you to search for entities or events by ID or by fields within the event data. You can then view and filter those results in the Events section of the UI. For more information, see Viewing Events.

Q. How do I refer or escalate an incident to someone else?

You can do this from the Incident Review page. For more information, see Incident Review Page.