
The Alerts History section of the page lets the user see the original SecOps and Behavioral Alerts that were triggered. By default, the alerts are sorted in ascending order by time. Users can sort the alerts by several other columns, including priority, risk score, and category. To investigate an alert further, users can click the toggle at the far right of the alert name to query the alert inside their Query App.

Fields

Time: The time when the alert happened.

Name: The name of the alert. SecOps alerts carry the SecOps alert title; Behavior Alerts are titled by their model name.

Priority: The priority of the alert.

Category: Whether the alert is a SecOps Alert or a Behavior Alert.

Tactic or Technique: The MITRE tactics or techniques associated with the alert.

Related entities: Other entities associated with the particular alert.

Within the Alerts History you can expand each alert to drill down into the alert definition and the context gathered when the alert triggered. The expanded view shows the description of what the alert detects, its LINQ query, and the associated data that carries other valuable context. To drill down further, click the magnifying glass button to pivot into Devo’s data search window and view the raw events that triggered the alert.

Search for entities

There is an Entity Search box at the top of every page. Type a few characters and matching entities are listed below the box as you type. Clicking an entity name in the results navigates to the Entity Details page for that entity.
