View and manage aggregated alerts

Verify that your administrator role has the permissions required to use the Alerts view. The permissions for the Alerts view are contained in the Common section. The View alerts permission provides read-only access to the Alerts view. You require the Edit alerts and Delete alerts permissions to make changes to alert groups and individual alerts in this view. For more information, see Setting up administrators in the Setup content.
  1. In the management console, on the menu bar, click
    To select the columns that you want to display, scroll to the right and click Column selection icon.
  2. Do any of the following:
    Filter and sort alert groups.
    1. Click Column filter icon on a column and type or select the filter criteria. You can do any of the following:
      • Apply multiple filter criteria at once. To remove a filter, click x for that filter.
      • If the filter option uses a text field, type a value to view a list of matches (for Key indicators, the value is matched with the summary information that you can view when you click a key indicator).
      • If you filter by
        , click Settings icon for additional options (greater than, less than, and so on).
      • Filter by
        to scope results to specific
        Cylance Endpoint Security
      • Filter by Detection Time to scope results to a specific date and time range.
    2. To sort the alert groups in ascending or descending order by a column, click the name of the column (where applicable).
    View details for an alert group and individual device alerts.
    1. Click an alert group.
    2. Expand Alert Overview.
    3. For the individual device alerts, do any of the following:
      • Sort and filter the alert information.
      • Change the status of the alerts. See Status changes for alerts.
      • Assign the alerts to a user.
      • Add or change labels for the alerts.
    4. To view details for an individual device alert, click the alert.
      You can set the status and assigned user from this panel. If applicable, you can click Detection Detail to view further details and actions in other areas of the console (for example, in the CylanceOPTICS detections view). The Detection Detail link will remain active for 60 days for CylancePROTECT Desktop threat alerts and for 30 days for other types of alerts.
    Search for alert groups by key indicator type or value.
    1. Click a key indicator for an alert group.
    2. Do any of the following:
      • To filter alert groups by key indicator type, click Column filter icon in the top-right of the pop-up window.
      • To filter alert groups by a key indicator value, hover over a value and click Column filter icon.
    Change the status of alert groups.
    Do any of the following:
    • To change the status of an alert group, in the
      drop-down list, click the appropriate status.
    • To change the status of multiple alert groups, select the alerts, click Change Status, click the appropriate status, and click
    Assign alert groups to a user.
    Do any of the following:
    • To assign an alert group to a user, in the
      column, click +, search for and click a user, and click
    • To assign multiple alert groups to a user, select the alerts, click Assign Alert, search for and select a user, and click
    Add or change the label for alert groups.
    You can add custom labels to alert groups to provide short notes or reminders or to use as filter criteria. To view labels you must set the Labels column to display.
    1. Select one or more alert groups.
    2. Click Change Labels.
    3. Type a label and press ENTER or search for and select an existing label.
    4. Click
    To remove a label, click the label, click the x icon, and click
    Remove alert groups.
    1. Select one or more alert groups.
    2. Click
    3. Click
      again to confirm.