
Alert Triage

Quickly and diligently identify, prioritize, and respond to important security alerts with Alert Triage on Exabeam Security Operations Platform.

Alert Triage is an application on Exabeam Security Operations Platform, available for users with a cloud-delivered deployment of Advanced Analytics and Case Manager. It is your hub for incoming third-party or Exabeam Data Lake alerts, made smarter with machine learning, risk scores, and automatic context enrichment to help you efficiently investigate and triage alerts.

You can view all alerts or create a filter to gather alerts based on criteria you specify. Each alert provides the actionable insights you need to accurately assess the alert's potential impact and make an informed decision.

Where raw logs lack context, Alert Triage fills in the gaps. After it ingests alerts and the corresponding raw logs, it associates the alert to specific users and devices, calculates risk scores, connects alerts to related anomalies and ongoing sessions in Advanced Analytics Smart Timelines™, and enriches the alert with other contextual information so you have a complete picture of all users and devices involved.

After a quick investigation, you dismiss or escalate the alert. When you escalate the alert, you create a Case Manager incident with the Exabeam Alert Triage incident type, which includes alert-specific information like alert name, type, and severity.

To navigate to Alert Triage, click ALERTS in the Advanced Analytics navigation bar for virtual or hardware deployments, or click ALERT TRIAGE in the Advanced Analytics sidebar for cloud-delivered deployments.