Login
    Contents x
    Modifying the Alert Status
    • 20 Mar 2024
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Modifying the Alert Status

    • Updated on 20 Mar 2024
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    When you open an Unseen alert the first time from the Alerts table or from Rules Manager> Rule drawer> Alerts History table, the status of the alert automatically changes to Open.

    On the Alerts page, you can manually mark a single or bulk selection of Unseen alerts as seen or change the status of a single alert to any status (except Unseen) using inline editing, without even opening the alert.

    Marking Alerts as Seen

    From the Alerts page, you can mark a single or a bulk selection of Unseen alerts as seen (i.e., change their statuses to Open) using a single action.

    To mark Alerts' statuses as seen (i.e., Open)

    1. In the Alerts table, hover over a row of a single Unseen alert and click the Mark as seen icon MarkAsSeenIcon or select the checkboxes of one or more Unseen alerts, and then click Mark as seen action MarkAsSeenAction.
      A popup notification indicates how many alerts have been successfully marked as seen as a result of this action. For example: Successfully marked 2 finding alerts as seen.
      When none of the selected alerts are in Unseen status, a popup notification displays: None of the selected finding alerts are marked as unseen.

    Inline Editing the Status of a Single Alert

    After beginning to actively investigate the cause of an alert, you can manually change the status to In Progress. Then, depending on the results of your investigation, you can change the status to Closed or Canceled.
    All status changes are logged in the audit log.
    For example: alert id 123 active_directory_adapter status was changed from Unseen to Open.

    Note:

    You can change the status of an alert to any other status except Unseen.

    To change the status of a single Alert

    1. In the Alerts table, in the row of the Alert, hover over the entry in the Status column, and click the Change Status ChangeStatusIcon icon.
    2. In the Change Status dialog that opens, from the dropdown, select the new status:
      • Open - You viewed the cause of the alert.
      • In Progress - You have started investigating the cause of the alert.
      • Closed - The problem causing the alert has been solved.
      • Canceled - The alert is false positive.

    ChangeStatusDropdown

    1. Click Change Status. The alert status changes in the table.
    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout