This article outlines the actions that can be taken against alerts in the Alert Dashboard. Select an action for a step-by-step guide:
Assign Alert(s) to an Investigation
You may need to triage and analyze an alert further. You can do this from the Alerts widget by opening an investigation. For an overview of investigations, refer to Investigations Overview; for the actions available within an investigation, refer to Investigations.
Dismiss alert(s)
When reviewing alerts, you may determine that an alert can be dismissed. This could be for a number of reasons, ranging from identifying a false positive, to an alert based on a vulnerability that is not applicable to your environment, to an alert based on a download that was blocked and therefore does not require investigation.
Samurai XDR helps you prioritize alert triage by displaying the identified Severity and Confidence for each alert. For more information, refer to Alert Management Dashboard.
Alert Management Dashboard:
- Within the Alerts widget, right-click the alert and select Dismiss Alert.
Figure 1: Dismiss alert in alerts widget
You can also dismiss multiple alerts: highlight each alert (a count of the selected alerts is displayed), then right-click and select Dismiss Alert.
Figure 2: Dismiss multiple alerts
Alternatively, you can select (more options) and click Dismiss Alert(s).