
Alert heatmap

Overview

The Alert Heatmap shows how fired alerts concentrate across techniques and tactics for a selected period of time. The total number of fired alerts for that period is shown at the top right, and hovering over the information icon in a matrix cell shows additional information about that technique.

The matrix uses the technique, tactic or alert with the most fired alerts as the 100% reference: every other cell is expressed as a percentage of that maximum, and that percentage determines the density and color coding. Four bands are used: 0% to 24.99%, 25% to 49.99%, 50% to 74.99%, and 75% to 100% of the reference (see the examples below). Because the reference is recalculated for the selected period and filters, the same technique can change color when the time range changes even though its own count did not.
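As an added worked example (not the product's own code), the following Python reproduces that density calculation: it takes per-cell alert counts, picks the busiest cell as the 100% reference, rounds each share to two decimals and assigns the four bands. The band labels, the decision to threshold on the raw ratio rather than the rounded percentage, and the handling of a period with no alerts at all are assumptions made here, since the page only states the reference rule and the band boundaries.

```python
"""Density and color-band calculation for an alert heatmap.

Added example, not the product's own code. The page states that the
technique/tactic/alert with the most fired alerts is the 100% reference and
gives the four bands; the rounding rule, thresholding on the raw ratio and the
handling of an empty period are assumptions made here.
"""
from dataclasses import dataclass

# Lower bounds of the four density bands, highest first. A cell at exactly 75%
# of the reference falls in the top band, matching the "between 75% and 100%"
# wording on the page; 74.99% falls in the band below.
BANDS = (
    (0.75, "75% to 100%"),
    (0.50, "50% to 74.99%"),
    (0.25, "25% to 49.99%"),
    (0.00, "0% to 24.99%"),
)


@dataclass(frozen=True)
class HeatmapCell:
    name: str        # technique, tactic or alert identifier
    fired: int       # alerts fired in the selected period
    percent: float   # share of the busiest cell, rounded to 2 decimals
    band: str        # color-band label


def density_band(ratio: float) -> str:
    """Map a 0..1 ratio to its band label (assumed: threshold on the raw ratio)."""
    if not 0.0 <= ratio <= 1.0:
        raise ValueError(f"ratio out of range: {ratio}")
    for lower, label in BANDS:
        if ratio >= lower:
            return label
    return BANDS[-1][1]  # not reached: ratio >= 0.0 always matches the last band


def build_heatmap(counts: dict[str, int]) -> list[HeatmapCell]:
    """Compute percentage and band for every cell, relative to the busiest one.

    Cells are returned sorted by fired count (descending, then by name), so the
    reference cell is first. An empty period (all counts zero) yields 0% for
    every cell instead of a division-by-zero error; a zero-count cell lands in
    the lowest band, which the heatmap shades as 'cold'.
    """
    if any(n < 0 for n in counts.values()):
        raise ValueError("alert counts cannot be negative")
    reference = max(counts.values(), default=0)
    cells = []
    for name, fired in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        ratio = fired / reference if reference else 0.0
        cells.append(HeatmapCell(name, fired, round(ratio * 100, 2), density_band(ratio)))
    return cells


# Constructed input matching the first technique example on this page
# (reference = 300 alerts); not data taken from the product.
TECHNIQUE_EXAMPLE = {
    "Technique A": 300, "Technique B": 250, "Technique C": 200, "Technique D": 150,
    "Technique E": 100, "Technique F": 50, "Technique G": 25, "Technique H": 10,
}

if __name__ == "__main__":
    for cell in build_heatmap(TECHNIQUE_EXAMPLE):
        print(f"{cell.name:12} {cell.fired:5d} {cell.percent:7.2f}%  {cell.band}")
```

Running the block prints the same percentages and bands as the first technique example below; swapping in the tactic or alert counts gives the other examples, since the rule is identical for all three levels.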

[Image: Alert heatmap matrix]

The table at the bottom lists the specific alerts that fired in the selected period, their details, and the number of times each one fired.

[Image: Alert heatmap table]

Filter the alert heatmap

Use the filters and the date picker to restrict which alerts are counted; both the matrix and the table update to reflect the selection.

The table can be filtered by column. You can also use the column text searches to find alerts that contain a given string in a specific column, and refine the search by choosing one of the following restrictions: 'Contains', 'Does not contain', 'Equals', 'Does not equal', 'Begins with', 'Ends with', 'Is blank', and 'Is not blank'.

Export alert heatmap

The heatmap can be exported in JSON or PDF format to share the information with peers who do not have access to the application. To do so, click the Export button at the top right and select the desired format (PDF or JSON).

The exported file contains the heatmap exactly as displayed on the matrix at the moment of export. This means the filters and time range described above are applied to the export as well: an export taken with a narrow filter will not contain the alerts that filter hid.

The alert list can likewise be exported, in CSV format.
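The following Python is an added example, not the product's own code, covering both the column filtering described under "Filter the alert heatmap" and the export step above. It implements the eight column restrictions the page lists over an in-memory alert list, then writes the filtered rows as CSV (the alert list export) and the per-technique aggregate as JSON (the heatmap export), so that what is exported is exactly what the filter left visible. The column names, the sample rows and the case-insensitive text matching are assumptions made here.

```python
"""Column filtering and export of the alert list beneath the heatmap.

Added example, not the product's own code. Implements the eight column
restrictions listed on the page ('Contains', 'Does not contain', 'Equals',
'Does not equal', 'Begins with', 'Ends with', 'Is blank', 'Is not blank') and
exports the filtered result as CSV or JSON. Column names and the
case-insensitive matching are assumptions.
"""
import csv
import io
import json

# Restriction name -> predicate(cell_value, search_text). Text comparisons are
# case-insensitive (assumed); blank means empty or whitespace-only.
RESTRICTIONS = {
    "Contains":         lambda v, s: s.lower() in v.lower(),
    "Does not contain": lambda v, s: s.lower() not in v.lower(),
    "Equals":           lambda v, s: v.lower() == s.lower(),
    "Does not equal":   lambda v, s: v.lower() != s.lower(),
    "Begins with":      lambda v, s: v.lower().startswith(s.lower()),
    "Ends with":        lambda v, s: v.lower().endswith(s.lower()),
    "Is blank":         lambda v, s: v.strip() == "",
    "Is not blank":     lambda v, s: v.strip() != "",
}


def _cell(row, column):
    """Cell as text. A missing column or None counts as blank; 0 does not."""
    value = row.get(column)
    return "" if value is None else str(value)


def filter_rows(rows, column, restriction, text=""):
    """Keep rows whose `column` satisfies `restriction` against `text`.

    Unknown restriction names are rejected rather than silently matching
    everything, so a typo in a saved filter cannot widen an export.
    """
    try:
        predicate = RESTRICTIONS[restriction]
    except KeyError:
        raise ValueError(f"unknown restriction: {restriction!r}") from None
    return [r for r in rows if predicate(_cell(r, column), text)]


def export_alerts_csv(rows, columns):
    """Serialize the (filtered) alert list as CSV text with a header row."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=columns, extrasaction="ignore",
                            lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def heatmap_summary(rows, period):
    """Aggregate fired counts per technique for the rows currently displayed."""
    per_technique = {}
    for r in rows:
        key = _cell(r, "technique")
        per_technique[key] = per_technique.get(key, 0) + int(r["fired"])
    return {"period": period, "techniques": per_technique}


def export_heatmap_json(rows, period):
    """JSON export of the heatmap as displayed: same filtered rows, same period."""
    return json.dumps(heatmap_summary(rows, period), sort_keys=True, indent=2)


# Constructed sample alert list for the example; not data from the product.
ALERTS = [
    {"name": "Suspicious PowerShell download", "technique": "T1059.001", "tactic": "Execution", "fired": 12},
    {"name": "Kerberoasting request burst",     "technique": "T1558.003", "tactic": "Credential Access", "fired": 4},
    {"name": "PowerShell encoded command",      "technique": "T1059.001", "tactic": "Execution", "fired": 7},
    {"name": "New scheduled task",              "technique": "T1053.005", "tactic": "Persistence", "fired": 0},
    {"name": "Untitled rule",                   "technique": "",          "tactic": "", "fired": 1},
]

if __name__ == "__main__":
    shown = filter_rows(ALERTS, "name", "Contains", "powershell")
    print(export_alerts_csv(shown, ["name", "technique", "tactic", "fired"]))
    print(export_heatmap_json(shown, "2024-01-01/2024-01-31"))
```

The 'Is blank' / 'Is not blank' restrictions ignore the search text entirely, and a missing column is treated as blank, which is the behaviour a reviewer usually wants when hunting for alerts that were never mapped to a technique.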

Examples

In each table, the share is the cell's alert count divided by the count of the technique, tactic or alert with the most alerts, and the density band is the range that share falls into.

Technique example 1

In this example, the highest number of alerts fired for all techniques is 300.

Technique     Alerts fired   Share of maximum   Density band
Technique A   300            100.00%            75% to 100%
Technique B   250             83.33%            75% to 100%
Technique C   200             66.67%            50% to 74.99%
Technique D   150             50.00%            50% to 74.99%
Technique E   100             33.33%            25% to 49.99%
Technique F    50             16.67%            0% to 24.99%
Technique G    25              8.33%            0% to 24.99%
Technique H    10              3.33%            0% to 24.99%

Technique example 2

In this example, the highest number of alerts fired for all techniques is 1000.

Technique     Alerts fired   Share of maximum   Density band
Technique A   1000           100.00%            75% to 100%
Technique B    500            50.00%            50% to 74.99%
Technique C    400            40.00%            25% to 49.99%
Technique D    300            30.00%            25% to 49.99%
Technique E    100            10.00%            0% to 24.99%
Technique F     50             5.00%            0% to 24.99%
Technique G     25             2.50%            0% to 24.99%
Technique H     10             1.00%            0% to 24.99%

Tactic example

In this example, the highest number of alerts fired for all tactics is 1000.

Tactic     Alerts fired   Share of maximum   Density band
Tactic A   1000           100.00%            75% to 100%
Tactic B    500            50.00%            50% to 74.99%
Tactic C    300            30.00%            25% to 49.99%
Tactic D    150            15.00%            0% to 24.99%
Tactic E    100            10.00%            0% to 24.99%

Alerts example

In this example, the individual alert that fired most often fired 100 times.

Alert     Times fired   Share of maximum   Density band
Alert A   100           100.00%            75% to 100%
Alert B    80            80.00%            75% to 100%
Alert C    50            50.00%            50% to 74.99%
Alert D    26            26.00%            25% to 49.99%
Alert E     2             2.00%            0% to 24.99%
