- Get Started with Threat Center
- Threat Center
- Threat Center Permissions
- Threat Center Alerts: Read
- Threat Center Alerts: Read, Write, and Delete
- Threat Center Cases: Read
- Threat Center Cases: Read, Write, and Delete
- Threat Center Detection Grouping Rules: Read
- Threat Center Detection Grouping Rules: Read, Write, and Delete
- Threat Center Watchlist: Read
- Threat Center Watchlist: Read, Write, and Delete
- Threat Center Cases
- Threat Center Alerts
- Threat Center Detections
- Threat Center Risk Score
- Monitor Entities of Interest in Threat Center
- Group Detections
- Work on Cases
- Work on Alerts
- Edit and Collaborate in Threat Center
- Use Automation Tools in Threat Center
- Find Cases and Alerts
- Sort Cases or Alerts
- Filter Cases or Alerts
- Search for Cases or Alerts in Threat Center
- Build a Search in Threat Center
- Enter a Search Using Exabeam Query Language in Threat Center
- Enter a Search Using Natural Language in Threat Center
- Run a Recent Search in Threat Center
- Create a New Saved Search in Threat Center
- Run a Saved Search in Threat Center
- Edit a Saved Search in Threat Center
- Delete a Saved Search in Threat Center
- View Case and Alert Metrics
- Get Notified About Threat Center
- Threat Center APIs
Edit and Collaborate in Threat Center
Triaging alerts and investigating cases can be a team effort. Keep teammates informed, update alert and case details, and work more efficiently with tools like tags and notes.
Update Case or Alert Attributes
Update case or alert name, description, priority, and other attributes to reflect your triage or response workflows.
Categorize and find related cases and alerts with tags.
Share files relevant to your response efforts with attachments.
Case stages indicate where you are in your response to a threat.
Assign cases to groups of users and share your workload with Threat Center case queues.
Document your response and collaborate with your team in a case using notes.
Find all changes made to a case or alert.
Enhance your communication with font size, color, lists, code blocks, and more.
Send information about a case or alert with team members or other stakeholders.
To clear out obsolete cases or alerts, delete them.