Skip Navigation

Manage Alerts in CylanceMDR

Seven simple steps to view and investigate alerts

The escalations page gives you details about the events detected by the CylancePROTECT and CylanceOPTICS agents on users’ devices. You can use this page to review and manage the alerts.

Note that CylanceGUARD is now known as CylanceMDR.

Screenshot of path to escalations page

1. Click Escalations

On the escalations page, you can use the search field to filter the alerts.

Screenshot of overview of escalated alert

2. Click an alert to view details

Screenshot of Assignee field

3. Assign the alert to yourself

Taking ownership of an alert lets others know that someone is already investigating it.

Screenshot of sample alert details

4. Review and investigate the alert

You can read through the trigger events and comments for information about the alert. Use this information to investigate and determine whether it was expected or unexpected behavior.

For example, a CylanceMDR analyst may have left a comment asking you to verify suspicious activity such as, “We have seen a PowerShell script running on System A that is connecting to the following IP address, is this behavior expected on this system?"

Screenshot of comment section

5. Add comments

You can use the comment box to share or request information and communicate any actions or next steps.

For example, if this is expected behavior, add a comment to inform the CylanceMDR analyst so that they can take action in the console to exclude this alert in the future.

If this is unexpected behavior, communicate any actions, next steps, and if you need an incident response team such as BlackBerry Security Services.

Screenshot of setting alert status to "closed"

6. Close the alert

Set the state of the alert to Closed and click Save. 

After the case is closed, it can't be reopened. 

Screenshot of overview of closed alert

7. That's it!

You have successfully handled an escalation in CylanceMDR.

For more information about handling escalations in CylanceMDR, see Escalations in the CylanceMDR User Guide.