Alert Priority
Understand how Alert Triage assigns alerts a priority.
To help you quickly prioritize alerts, reduce noise, and decide which alert to look at first, Alert Triage assigns each alert a priority.
When an alert is ingested, machine learning algorithms assess various indicators, including:
Whether it's the first time the alert name and alert type have appeared for your organization in the past 30 days
Whether it's the first time the alert name and alert type have appeared for the user in the past 30 days
Whether it's the first time the alert name and alert type have appeared for the asset in the past 30 days
How rare the combination of alert name and alert type is
How rare the combination of alert vendor and severity is
Based on these indicators, Alert Triage assigns the alert a priority: high, low, or observational. A high priority suggests you should investigate the alert first. A low priority suggests you should investigate the alert after higher-priority alerts. An observational priority suggests that the alert is uninteresting and you can safely ignore it; for example, alerts that are too frequent and created within seconds of each other are assigned the observational priority.
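The following added example (not Alert Triage's own code) computes the indicators listed above over a constructed alert history and maps them to the three priorities. The 30-day look-back comes from this page; the 5-second burst threshold, the 5% rarity cut-off and the two-signal scoring rule are assumptions standing in for the product's trained model.

```python
from collections import Counter
from datetime import datetime, timedelta

WINDOW = timedelta(days=30)   # look-back described on the page
BURST = timedelta(seconds=5)  # assumed: "created within seconds of each other"
RARE = 0.05                   # assumed: share of recent alerts below which a combination is rare

def indicators(history, alert):
    """Compute the page's novelty and rarity indicators for `alert` against
    `history` (earlier alerts, oldest first). Alerts are dicts with keys
    name, type, vendor, severity, user, asset and ts (datetime)."""
    key = (alert["name"], alert["type"])
    recent = [a for a in history if timedelta(0) <= alert["ts"] - a["ts"] <= WINDOW]
    same = [a for a in recent if (a["name"], a["type"]) == key]
    combos = Counter((a["name"], a["type"]) for a in recent)
    vendors = Counter((a["vendor"], a["severity"]) for a in recent)
    n = max(len(recent), 1)
    return {
        "new_for_org": not same,
        "new_for_user": not any(a["user"] == alert["user"] for a in same),
        "new_for_asset": not any(a["asset"] == alert["asset"] for a in same),
        "combo_share": combos[key] / n,
        "vendor_share": vendors[(alert["vendor"], alert["severity"])] / n,
        "burst": bool(same) and alert["ts"] - same[-1]["ts"] <= BURST,
    }

def priority(ind):
    """Assumed scoring rule, not the product's model: a burst duplicate is
    observational; otherwise two or more novelty/rarity signals mean high."""
    if ind["burst"]:
        return "observational"
    signals = [ind["new_for_org"], ind["new_for_user"], ind["new_for_asset"],
               ind["combo_share"] < RARE, ind["vendor_share"] < RARE]
    return "high" if sum(signals) >= 2 else "low"

def triage(history, alert):
    return priority(indicators(history, alert))

# Constructed sample: 20 routine failed-login alerts, one per hour, for one user/host.
T0 = datetime(2024, 1, 10, 9, 0, 0)
HISTORY = [dict(name="Failed login", type="auth", vendor="VendorA", severity="medium",
                user="alice", asset="host1", ts=T0 + timedelta(hours=i)) for i in range(20)]
LAST = HISTORY[-1]["ts"]

def example():
    """Three constructed incoming alerts and the priority each receives."""
    routine = dict(HISTORY[-1], ts=LAST + timedelta(hours=1))    # seen before, common
    burst = dict(HISTORY[-1], ts=LAST + timedelta(seconds=2))    # duplicate seconds later
    novel = dict(name="Malware detected", type="edr", vendor="VendorB", severity="high",
                 user="bob", asset="host2", ts=LAST + timedelta(hours=1))  # never seen
    return {k: triage(HISTORY, a) for k, a in
            [("routine", routine), ("burst", burst), ("novel", novel)]}
```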
When you first start using Alert Triage, it may take machine learning algorithms up to three weeks to train, during which your alerts aren't assigned a priority.
In Alert Insights, view real-time statistics on how many alerts are assigned each priority.