Alert Triage Documentation

What's New in Alert Triage

October 10, 2024

The following issue was resolved in October for Alert Triage:

Fixed

UIPAA-671 – Fixed an issue where Alert Triage pushed excessive alerts causing unnecessary strain on the system. With this fix, you can now dynamically disable Alert Triage or have it automatically pause when alert volumes exceed configured thresholds, allowing the system to maintain stability during spikes in activity.
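The threshold-based auto-pause described in UIPAA-671 can be illustrated with a small gate in front of the alert push step. This is an added example, not Exabeam code; the class name, the per-window threshold and the manual `enabled` switch are assumptions chosen for the illustration.

```python
"""Volume-threshold gate for an alert push pipeline (illustrative only).

Two controls are modelled, matching the two behaviours the fix describes:
  - enabled: a manual switch to dynamically disable pushing altogether
  - paused:  set automatically when the number of alerts pushed inside a
             sliding time window reaches a configured threshold, and
             cleared once the window count drops below it again
"""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class AlertGate:
    max_alerts: int              # hypothetical threshold per window
    window_seconds: float        # length of the sliding window
    enabled: bool = True         # manual kill switch
    paused: bool = False         # automatic pause state
    _pushed_at: deque = field(default_factory=deque)  # push timestamps

    def _trim(self, now: float) -> None:
        """Drop push timestamps that have fallen out of the window."""
        while self._pushed_at and now - self._pushed_at[0] >= self.window_seconds:
            self._pushed_at.popleft()

    def should_push(self, now: float) -> bool:
        """Return True if an alert arriving at time `now` may be pushed."""
        if not self.enabled:
            return False
        self._trim(now)
        in_window = len(self._pushed_at)
        if self.paused:
            if in_window >= self.max_alerts:
                return False            # still over threshold: stay paused
            self.paused = False         # volume has subsided: resume
        if in_window >= self.max_alerts:
            self.paused = True          # spike detected: pause pushing
            return False
        self._pushed_at.append(now)
        return True


def simulate(gate: AlertGate, arrivals: list[float]) -> tuple[int, int]:
    """Feed constructed arrival timestamps through the gate.

    Returns (pushed, suppressed) counts so the behaviour can be checked.
    """
    pushed = suppressed = 0
    for t in arrivals:
        if gate.should_push(t):
            pushed += 1
        else:
            suppressed += 1
    return pushed, suppressed
```

Suppressed alerts are dropped here for simplicity; a production gate would typically queue them or emit a metric so the pause itself is visible to operators.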

April 14, 2022

New

  • To help you quickly determine which alerts to look at first, view the alert's priority determined by machine learning and analytics: high, low, or observational. To narrow down the alerts you see, filter alerts by priority.

    It may take Alert Triage up to three weeks to train, during which your alerts aren't assigned a priority.

  • To get an overview of all your alerts and team's activity, view Alert Triage metrics under Alert Insights, including the total number of alerts you received and how many alerts have a given priority.

Improved

Get more details about assets at a glance. From the contextual information in tabs, understand an asset's risk score by its color and whether it's a source or destination by the arrow's direction.

Fixed

Minor bugs and UI issues.

Known Issues

In the first five minutes alerts are ingested, they are assigned the observational priority until they are re-assigned to the correct priority. In the next release, we're enhancing this behavior and adding a pending priority.

March 3, 2022

New

Use the Time Range filter criteria to filter alerts by when they were created: in the last day, last three days, last week, last month, or by a specific date and time.

Improved

If you have Administrator or Manager roles, you can change a filter's sharing permissions and update and delete filters other people create. If you have the Standard User role, you can only create private filters.

Fixed

  • Names for existing alerts didn't appear under the Name filter criteria because an incorrect parameter returned a limited number of alert names. Now, the correct parameter is used and returns all existing alert names.

  • Case Manager incidents created from escalated alerts couldn't trigger Incident Responder playbooks because a parameter was missing. Now, the parameter has been added.

  • In some cases, when you clicked on a notification or filter criteria, you received a Request failed with status code 503 error because of a memory issue. Now, performance has improved significantly.

Known Issues

There are no known issues in this release.

August 20, 2021

New

  • Filters have replaced channels. To quickly triage and find the highest priority alerts, filter all alerts by criteria you define, like source, severity, type, and name, then save the filter. You can also make filters private to you, or public to certain people or everyone in Alert Triage.

  • Navigate to the newest alert in a tab by clicking Jump to newest alert.

  • Dismiss multiple alerts at once by selecting the checkbox next to each alert, then clicking Dismiss.

  • Choose to show or hide dismissed alerts in a tab by toggling Hide dismissed alerts.

Improved

  • Alert Triage adjusts to the width of your window so you can use Alert Triage on any device or screen size.

  • You see standardized values for alert types and severities; for example, if the severity of a third-party alert is medium, Medium, or Med, it is displayed as Medium in Alert Triage.

  • To prevent Alert Triage from running out of memory, you can only see alerts that are less than 90 days old.

  • Performance and stability improvements.

Fixed

  • If no anomalies occurred before the security alert, you didn't see any anomalies under the Nearby Anomalies, Top <#> tab. Now, you can see all anomalies that occurred before, during, and after the alert under the Show all tab.

  • Minor bugs and UI issues.

Known Issues

There are no known issues in this release.

April 6, 2021

New

This is the General Availability release for Alert Triage.

Improved

Performance and stability improvements.

Fixed

Minor bugs and UI issues.

Known Issues

During a session, if no anomalies occurred before the security alert, you don't see any anomalies under the Nearby Anomalies, Top <#> tab. In the next release, we're enhancing this tab and the Show all tab.