Alert Triage Documentation

Respond to an Alert

After you investigate an alert, resolve, dismiss, or escalate it.

Resolve an alert if you took action to close the alert without escalating it.

Dismiss an alert if it's a false positive.

Escalate an alert if you determined that it is a true threat that needs to move up your chain of command. When you change an alert's status to escalate, you create an incident in Case Manager. You can only create one incident for each alert. If you escalate an alert multiple times, you won't create multiple Case Manager incidents. If you change an alert's status in Alert Triage, the incident's status doesn't change in Case Manager.

  1. To quickly dismiss an alert, hover over the alert, then click Dismiss.

    In the alert, click Resolve, Dismiss, or Escalate.

  2. If you escalated the alert, select a priority for the incident created in Case Manager: low, medium, high, or critical.

    Click Escalate. In Case Manager, an incident is created in the Exabeam Alert Triage incident type, which includes alert-specific information like alert name, type, and severity.