What permissions do I need?
To access the Alerts overview area and change the alert status, you need at least the Triggered alerts (view) and the Read/unread alert permissions (see a detailed description of the alerts permissions here).
Changing status
TheĀ Status column indicates to what extent a triggered alert has been acknowledged. There are four possible values:
Unread: the alert details have not been viewed yet by any user in the domain.
Watched: the alert's details have been viewed by any user in the domain.
False positive: the alert has been reviewed and deemed irrelevant for the purpose of the analysis.
Closed: the alert does not need to be monitored anymore. You can indicate in your user preferences if you want closed alerts to appear in the Alerts overview.
Change status of a single alert
You can change the status of an alert by clicking it on the list and select the desired option. Expanding the alert details will automatically mark it as watched (see details section above).
Change status in bulk
You can change the status of several alerts by checking the boxes next to the names, clicking the Bulk actions button next to the master checkbox, and selecting Change status followed by the desired status.