Skip Navigation

Status changes for alerts

The status of individual alerts from various sections of the
Cylance
console (for example, Protection > Threats,
CylanceOPTICS
> Detections, and Protection > Protect Mobile alerts) correspond to an equivalent status in the
Cylance
Multi-Tenant Console
Alerts view. When an alert status changes from the
Cylance
console, the status is also updated in the Alerts view. For example, if the status of an alert in the
Cylance
Detections view changes to False Positive, the status in the Alerts view changes to Closed.
When you change the status of individual alerts in the Alerts view, an equivalent status change is displayed in the
Cylance
Detections view for
CylanceOPTICS
. Currently, status changes that you initiate in the Alerts view will not be displayed in the Protection > Threats view or in the Protection > Protect Mobile alerts view in the
Cylance
console.
Note the following equivalent states from the
Cylance
console for
CylancePROTECT Desktop
threat alerts:
  • Alerts displayed in Protection > Threats with an Unsafe, Abnormal, or Quarantined status have a New status in the Alerts view.
  • Alerts displayed in Protection > Threats with a Waived status have a Closed status in the Alerts view.
If you set a status for an alert group, the individual alerts in that group are assigned the status that you selected. If the individual alerts in an alert group have different statuses, either from manual status changes or as a result of status changes that come from another view (for example,
CylanceOPTICS
> Detections), the status of the alert group changes to Multiple. If all of the individual alerts in an alert group have the same status, the alert group will also have the same status. For example, if all of the individual alerts have a status of Closed, the status of the alert group is also Closed.