Page Comparison

...

One can add details about the alert and description about the steps taken in triaging the alert.

Operator Usage in Easy Mode

1. Click + on the parent node.
2. Search for Alert Triage operator in the search field and select the operator from the Results to open the operator form.
3. In the Table drop-down, enter or select a table from which to source the data.
4. In the Details field, enter the alert details.
5. In the Description field, enter a description of the triaged alert.
6. Click Run to view the result.
7. Click Save to add the operator to the playbook.
8. Click Cancel to discard the operator form.

Usage Details

LQL Command

alertTriage(table: TableReference, details: String, description: String)

...

Output
Same as the input table. Additionally, logs triage-info and is available in System_Event_Type event-type.

Example

Input = alertTriageNode

LQL Command

...