Edit a Filter in Alert Triage
Edit the criteria for a filter you created. You can only edit filters you created.
Navigate to the All Saved Filters
tab, then select a filter.Click Filters, then change the filter criteria:
Time range – When the alert was created: in the last day, last three days, last seven days, last 30 days, or select Custom time range to specify a specific date and time.
Source – The source that created the alert; for example, CrowdStrike Falcon.
Severity – How severe the alert is, according to the alert source; for example, low, medium, high, or critical.
Type – The alert type; for example, Compliance or Malware.
Name – The alert name; for example, Suspicious Application Data Access.
To edit the existing filter, click Update. To create a new filter, click Save as.
Change any basic information about the filter:
Filter Name – Enter a name for the filter.
(Optional) Sharing Permission – Select who can view and use the filter. If you have the Standard User role, you can only select Private.
Private – Restrict the filter to yourself.
Share with everyone – Share the filter with everyone in your organization.
Share with select users – Share the filter with specific people in your organization.
(Optional) Description – Describe the filter.
Click Save.