You can use the following consoles to analyze alerts:
The Threat Response dashboard provides an overview of alerts generated by the Change Guardian server.
You can perform the following operations on this dashboard:
View alerts in new state by ownership and priority
Customize the default view to display alerts in investigating state
View the list of alerts and their details
The alerts you can view depend on the alert permissions applicable to your role and the tenancy of your role. For more information about permission to manage alerts, see Understanding the Roles.
Using the Alerts View, you can perform the following operations:
Assign alerts to other users
Change the state of an alert to New, Investigating, or Closed
If you do not manually close an alert, it remains open.
Export alerts to an Excel file
Share content with others using a URL
View alert details such as the event that triggered the alert, the rule that generated the alert, the list of users involved in the alert, and so on
NOTE: The alert retention policies control when the alerts should be closed and deleted from Change Guardian. For information about configuring alert retention policies, see Configuring Alert Retention Policies.
You can see a high-level overview of the alerts in your organization using the Alert dashboard. Using the Alert dashboard, you can analyze and study common patterns in alerts. A Change Guardian admin can investigate alerts, monitor team load, and monitor performance against the tenant service-level agreement (SLA).
Types of alerts
Average time taken to close alerts
Top correlation rule generating the maximum number of alerts
Geographical origin of high-severity alerts
Oldest open alerts
Alerts that took the longest time to close