After an alert is generated on a host and displayed on the Seqrite XDR console, it is designated an open status by default.
- The IR will assign the open status alert to self or another IR in the team for investigation, analysis, and appropriate remediation action.
- After the alert is assigned to an IR, the IR starts working on the alert.
- The assigned IR will analyze the alert, perform root cause analysis. After the analysis is complete, IR takes appropriate remediation action if required.
- After analysis is completed, the IR changes the status of the alert to closed.
All the activities carried out during the analysis such as status change, assignee change, comments entered during the analysis, and remediation actions taken are logged. The IR can see these logged activities on the investigation workflow page.