Create a Filter in Alert Triage
Create a filter to find and triage a subset of alerts by criteria you specify.
On the All Saved Filters
tab, click Review All Alerts. A new tab opens.To determine which alerts appear under the filter, click Filters, then specify the filter criteria:
Time range – When the alert was created: in the last day, last three days, last seven days, last 30 days, or select Custom time range to specify a specific date and time.
Source – The source that created the alert; for example, CrowdStrike Falcon.
Severity – How severe the alert is, according to the alert source; for example, low, medium, high, or critical.
Type – The alert type; for example, Compliance or Malware.
Name – The alert name; for example, Suspicious Application Data Access.
Click Save filters. The filter appears under Saved filters.
Enter basic information about the filter:
Filter Name – Enter a name for the filter.
(Optional) Sharing Permission – Select who can view and use the filter. If you have the Standard User role, you can only select Private.
Private – Restrict the filter to yourself.
Share with everyone – Share the filter with everyone in your organization.
Share with select users – Share the filter with specific people in your organization.
(Optional) Description – Describe the filter.
Click Save.