Bulk Action

Active Alerts – Bulk Action

You can select multiple Alerts at a time and perform the actions of assigning to a user, changing the severity, or changing the status of the selected alerts.

Note: The selected action will apply to all the alerts that are selected, so it is recommended to use the option carefully.

To apply an action to the selected alerts, do the following:

  1. Navigate to the Alerts page Canvas View.
  2. In the Alerts pane on the right, select the Select All alerts check box to select all alerts at once and apply the required action.
  3. Select the required action (Assign, Change Severity or Change Status) by clicking the respective button.
    • If you click the Assign button, the Alert Assignee dialog opens. Select the Assignee to whom you want to assign the selected alerts. Enter what you have changed in the Enter Change Description box.
    • If you click the Change Severity button, the Alert Severity dialog opens. Select the Severity. Enter what you have changed in the Enter Change Description box.
    • If you click the Change Status button, the Alert Status dialog opens. Select the Status as required. Enter what you have changed in the Enter Change Description box.
  4. Click Save to save the changes. The selected action is applied to all the selected alerts.

Using the Zoom control

Use the Zoom control in the lower-left corner of the Canvas view to zoom in or out as required.

Using the Filter View

Apply the filters to narrow down your search criteria for displaying the alerts. You can filter by Severity, Status, Alert Details such as Process Name, Host Name, Assignee and Tactics.

The following filter options are supported:

| Filters | Description |
|---|---|
| Severity | Helps to select the severity of the alert. |
| Status | Open and In-progress |
| Alert Details – Process Name | The corresponding process or file name |
| Alert Type | The alert type is Custom or System. |
| Alert Details – Host Name | List of Host Names along with auto suggestion while typing as there will be a long list. |
| Tactics | Shows the tactics on which the alert is generated. |
| Assigned To | List of users to whom the alert is assigned along with autosuggestion while typing to help select as there will be a long list. |

For example, to view only High severity alerts, do the following:

  1. On the List View, click “Add+” beside the Filter text box. The available options are displayed.
  2. Select sev.high, which means alerts of high severity.
  3. Select the status, Open or In-Progress, if required.
  4. Select the Alert Type, System or Custom alert.
  5. Select other conditions and click Apply.
    All the alerts having high severity are displayed.

Selecting the View duration 

You can view the alerts for the following hourly, daily, weekly or monthly time ranges:

  • Last 1 hour
  • Last 3 hours
  • Last 6 hours
  • Last 12 hours
  • Last 24 hours
  • Today (Since midnight 12.00 AM)
  • Last 7 days
  • Last 15 days
  • Last 30 days
  • This week (since Sunday midnight 12.00 AM)
  • This month (since beginning of the month)

Viewing alert details for a particular host

Click on a colored dot (which represents the endpoint host) on the Canvas view to display the details for that particular host.
