Investigate an alert
Alerts from Chronicle
To view more information about an alert in Alert View, click the alert name in Alerts List.
Alert view
Alert view shows a variety of information with regards to the alert, including:
- Alert Status:
- Alert status can be new, open, reviewed, or closed
- Alert priority can be info, low, medium, high, or critical
- Alert severity
- Alert Details—Displays when the alert was created and updated and its associated rule.
- Decision States—Displays the verdict for the alert and if it is an indication of a security issue.
- History—Displays the history of changes made to the alert by your security team.
From Alert view, you can change the status of an alert by clicking Alert Options and then Change Alert Status.
Alert Status
From the Alert Status pop-up window, you can change the priority and severity of the alert.
Alerts from Chronicle SOAR
Alerts from Chronicle SOAR include additional information about the Chronicle SOAR case. It also provides a link to open the case in Chronicle SOAR. For more information, see Chronicle SOAR.
Alert for Chronicle SOAR case