Alert Actions

Modified on Wed, 16 Aug 2023 at 07:34 AM

This article outlines actions that can be taken against alerts in the Alert Dashboard. Select the action for a step by step guide:

  • Assign Alert(s) to an Investigation
  • Dismiss alert(s)


Assign Alert(s) to an Investigation

You may need to triage and analyze alerts further, you can complete this through the Alerts widget and open an investigation. For an overview of investigations refer to Investigations Overview or for actions refer to Investigations.

Dismiss alert(s)

In review of alerts, you may determine that an alert can be dismissed - this could be for a multitude of reasons ranging from identifying a false positive, an alert based on a vulnerability which is not applicable to your environment through to an alert based on a download being blocked which does not require investigation. 

Samurai XDR helps you prioritize alert triage by displaying the identified Severity and Confidence. For more information refer to Alert Management Dashboard.


Alert Management Dashboard:

  1. Within the Alerts Widget right click on the alert and select Dismiss Alert. 


Figure 1: Dismiss alert in alerts widget


You can also dismiss multiple alerts by highlighting each alert (a count will be displayed) and right click and select Dismiss Alert


Figure 2: Dismiss multiple alerts


mceclip0.png Alternatively you can select  moreoptions.PNG (more options) and click Dismiss Alert(s)