- Get Started with Threat Center
- Threat Center
- Threat Center Permissions
- Threat Center Alerts: Read
- Threat Center Alerts: Read, Write, and Delete
- Threat Center Cases: Read
- Threat Center Cases: Read, Write, and Delete
- Threat Center Detection Grouping Rules: Read
- Threat Center Detection Grouping Rules: Read, Write, and Delete
- Threat Center Watchlist: Read
- Threat Center Watchlist: Read, Write, and Delete
- Threat Center Cases
- Threat Center Alerts
- Threat Center Detections
- Threat Center Risk Score
- Monitor Entities of Interest in Threat Center
- Group Detections
- Work on Cases
- Work on Alerts
- Edit and Collaborate in Threat Center
- Use Automation Tools in Threat Center
- Find Cases and Alerts
- Sort Cases or Alerts
- Filter Cases or Alerts
- Search for Cases or Alerts in Threat Center
- Build a Search in Threat Center
- Enter a Search Using Exabeam Query Language in Threat Center
- Enter a Search Using Natural Language in Threat Center
- Run a Recent Search in Threat Center
- Create a New Saved Search in Threat Center
- Run a Saved Search in Threat Center
- Edit a Saved Search in Threat Center
- Delete a Saved Search in Threat Center
- View Case and Alert Metrics
- Get Notified About Threat Center
- Threat Center APIs
PrevNext
Work on Alerts
Use Threat Center to triage alerts. If an alert is a true threat that requires a response, convert the alert to a case. To indicate an alert needs to be reviewed again later, mark it as unread. To indicate an alert has been reviewed and doesn't need to be reviewed again, dismiss it.
Triage Alerts in Threat Center
Decide which alerts you should respond to and convert to a case.
Manually Convert an Alert to a Case
Manually convert an alert to a case to start tracking your response to a threat and assign the case to the person responsible for responding.
Indicate an alert needs to be reviewed again later.
Indicate an alert has been reviewed and doesn't need to be reviewed again.