Managing aggregated alerts

The Alerts view gives you a comprehensive way to review the alerts that are detected and correlated across Cylance Endpoint Security services, making it easier for you to identify and track prevailing threat patterns in your corporate ecosystem and resolve collections of alerts more efficiently. The correlation of alerts across services offers a more complete view of potential threats and allows for a more holistic approach to protecting your organization's employees and data.
To view and use the new Alerts view, you currently must have an entitlement for CylanceOPTICS. Future updates will extend the Alerts view to customers with entitlements for other Cylance Endpoint Security services.
The Alerts view currently supports alerts from the following sources:
Future updates will add support for alerts from additional Cylance Endpoint Security services.
The initial Alerts view is a summary that groups similar alerts based on criteria such as priority, alert category, configured responses, and other key alert attributes. For more information about the criteria, see How Cylance Endpoint Security groups alerts. The automated grouping of alerts reflects both the frequency and prevalence of alerts, giving analysts a clear view of how often threats occur and where they occur. By default, the alert groups are sorted in descending order by priority to provide a top-down view of all relevant security telemetry. Each group lists one or more key indicators that you can click to view summary information about the group (for example, a CylanceOPTICS artifact such as File or Process). As new alerts are detected and processed from the cybersecurity telemetry sources, they are added to an existing group or to a new group.
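The grouping behaviour described above (a shared key of priority, category, configured response and key indicator; frequency as alert count, prevalence as distinct devices; groups kept in descending priority order; new alerts joining an existing group or opening a new one) can be illustrated with a small aggregator. This is an added example written for this page, not Cylance code: the exact grouping criteria, priority labels, response names and sample alerts are all assumed and constructed, and the tie-break on prevalence then frequency is a design choice of the example, not documented product behaviour.

```python
"""Illustrative alert aggregation (constructed example, not Cylance code)."""
from dataclasses import dataclass, field

# Assumed priority scale; unknown labels rank lowest rather than crashing the sort.
PRIORITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}


@dataclass(frozen=True)
class Alert:
    alert_id: str
    priority: str
    category: str
    response: str   # configured response, e.g. "Quarantine" (assumed values)
    artifact: str   # key indicator, e.g. a file hash or process name (assumed)
    device: str


@dataclass
class AlertGroup:
    key: tuple
    alerts: list = field(default_factory=list)
    devices: set = field(default_factory=set)

    @property
    def frequency(self) -> int:
        """How often: total alerts in the group."""
        return len(self.alerts)

    @property
    def prevalence(self) -> int:
        """Where: number of distinct devices that raised alerts in the group."""
        return len(self.devices)


class AlertAggregator:
    def __init__(self):
        self._groups = {}

    @staticmethod
    def group_key(alert: Alert) -> tuple:
        # Assumed grouping criteria: alerts sharing these attributes land together.
        return (alert.priority, alert.category, alert.response, alert.artifact)

    def add(self, alert: Alert) -> AlertGroup:
        """Add one alert to its existing group, or open a new group for it."""
        key = self.group_key(alert)
        group = self._groups.get(key)
        if group is None:
            group = AlertGroup(key=key)
            self._groups[key] = group
        group.alerts.append(alert)
        group.devices.add(alert.device)
        return group

    def groups(self) -> list:
        """Groups in descending priority; ties broken by prevalence, then frequency."""
        return sorted(
            self._groups.values(),
            key=lambda g: (PRIORITY_RANK.get(g.key[0], 0), g.prevalence, g.frequency),
            reverse=True,
        )


# Constructed sample alerts; not real telemetry.
SAMPLE_ALERTS = [
    Alert("a1", "High", "Malware", "Quarantine", "hash-aaa", "host-01"),
    Alert("a2", "High", "Malware", "Quarantine", "hash-aaa", "host-02"),
    Alert("a3", "High", "Malware", "Quarantine", "hash-aaa", "host-02"),
    Alert("a4", "Critical", "Lateral Movement", "Alert", "psexec.exe", "host-03"),
    Alert("a5", "Low", "Suspicious Activity", "Alert", "cmd.exe", "host-01"),
    Alert("a6", "Medium", "Malware", "Quarantine", "hash-bbb", "host-04"),
]


def build_demo() -> AlertAggregator:
    agg = AlertAggregator()
    for alert in SAMPLE_ALERTS:
        agg.add(alert)
    return agg


if __name__ == "__main__":
    for g in build_demo().groups():
        print(g.key, "frequency:", g.frequency, "prevalence:", g.prevalence)
```

The distinction the example makes visible is frequency versus prevalence: the "High" malware group holds three alerts but only two devices, which is the difference between one noisy host and a spreading threat, and is what an analyst should read off a group summary before deciding how widely to remediate.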
You can click an alert group to access additional overview information and a list of individual alerts in the grouping. You can click an individual alert to open granular details, and where applicable, you can navigate to other areas of the console for more information or actions. For example, certain CylanceOPTICS alerts will include a link to the detections view where you can initiate remediation actions to quarantine a file, lock the device, and so on.
You can sort and filter alert groups and elements by various criteria, allowing you to scope and focus your threat-hunting activities. You can assign alert groupings or individual alerts to specific administrators for further action, and you can set the status of alerts to track progress.