Modifying Alert Status

On the Alerts page, you can manually change the status of a single alert or mark a bulk selection of alerts as seen.

Manually Changing the Alert Status

After opening an alert the first time, its status is automatically updated from 'Unseen' to 'Open'. After beginning to actively investigate the cause of the alert, you can manually change the status to 'In Progress'. Then, depending on the results of your investigation, you can change the status to 'Closed' or 'Canceled'.
All status changes are logged in the audit log.
For example: alert id 123 active_directory_adapter status was changed from “unseen” to “open”

To change the status of an Alert

• In the Alerts table, in the row of the Alert, hover over the entry in the Status column, and click the Change Status icon.

2. In the Change Status dialog that opens, from the dropdown, select the new status:
   • Open - You viewed the cause of the alert.
   • In Progress - You have started investigating the cause of the alert.
   • Closed - The problem causing the alert has been solved.
   • Canceled - The alert is false positive.

4. Click Change Status.

Bulk Marking Alerts as Seen

On the Alerts page, you can mark a bulk selection of alerts as seen (i.e., change their statuses to Open) using a single action. Only the status of Unseen alerts changes to Open (seen).

To bulk mark Alerts' statuses as seen (i.e., Open)

1. In the Alerts table, select the checkboxes of unseen alerts that you want to mark as seen, and then in the Actions menu, click Mark as seen. The values in the Status column of the selected unseen alerts changes to Open.
   • A popup notification indicates how many alerts have been successfully marked as seen as a result of this action. For example: Successfully marked 2 finding alerts as seen.
   • When none of the selected alerts are in Unseen status, a popup notification displays: None of the selected finding alerts are marked as unseen.