Exabeam Cloud Platform: Alert Triage


Exabeam Alert Triage

Quickly and diligently identify, prioritize, and respond to important security alerts with Alert Triage on Exabeam Cloud Platform.

Alert Triage is an application on Exabeam Cloud Platform, available for users with a SaaS deployment of Advanced Analytics and Case Manager. It is your hub for incoming third-party or Exabeam Data Lake alerts, made smarter with machine learning, risk scores, and automatic context enrichment to help you efficiently investigate and triage alerts.

If you have administrator or manager permissions, you create a channel to gather alerts based on criteria you specify. If you're an analyst assigned to a channel, you investigate the alerts in these channels. Each alert provides the actionable insights you need to accurately assess the alert's potential impact and make an informed decision.

Where raw logs lack context, Alert Triage fills in the gaps. After it ingests alerts and the corresponding raw logs, it associates each alert with specific users and devices, calculates risk scores, connects the alert to related anomalies and ongoing sessions in Advanced Analytics Smart Timelines™, and enriches it with other contextual information so you have a complete picture of all users and devices involved.

After a quick investigation, you dismiss or escalate the alert. When you escalate the alert, you create a Case Manager incident with the Exabeam Alert Triage incident type, which includes alert-specific information like alert name, type, and severity.
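To make the enrichment and escalation flow described above concrete, here is an added illustrative example in Python. It is not Exabeam's code and does not use Exabeam's schema or APIs: the alert fields, the host-to-owner inventory, the session records, the severity weights, the anomaly bump and the escalation threshold are all constructed assumptions. It walks a few raw third-party alerts through the same steps the text lists: associate the alert with a user and an ongoing session, add a risk score, attach related anomalies, then dismiss or escalate, producing an incident record that carries the alert name, type and severity.

```python
from datetime import datetime

# Everything below is constructed for this illustration; field names,
# weights and thresholds are assumptions, not Exabeam's data model.

# Raw third-party alerts as a detection tool might emit them: a host and a
# timestamp, but no user, session or surrounding context.
RAW_ALERTS = [
    {"id": "a-1001", "name": "Suspicious LSASS access", "type": "edr",
     "severity": "high", "host": "wks-0142", "time": "2023-05-04T09:12:00"},
    {"id": "a-1002", "name": "Port scan detected", "type": "ids",
     "severity": "low", "host": "srv-db01", "time": "2023-05-04T03:40:00"},
    {"id": "a-1003", "name": "Multiple failed logons", "type": "siem",
     "severity": "medium", "host": "wks-0077", "time": "2023-05-04T11:05:00"},
]

# Asset inventory (constructed): primary owner of each host, None for servers.
HOST_OWNERS = {"wks-0142": "jdoe", "wks-0077": "asmith", "srv-db01": None}

# Ongoing user sessions with anomalies already flagged inside them, standing
# in for the timeline sessions an alert gets connected to.
SESSIONS = [
    {"session_id": "s-jdoe-20230504", "user": "jdoe",
     "start": "2023-05-04T08:30:00", "end": "2023-05-04T12:00:00",
     "anomalies": ["first-time-admin-tool", "new-source-host"]},
    {"session_id": "s-asmith-20230504", "user": "asmith",
     "start": "2023-05-04T10:00:00", "end": "2023-05-04T13:00:00",
     "anomalies": []},
]

SEVERITY_BASE = {"low": 10, "medium": 30, "high": 60, "critical": 85}
ANOMALY_WEIGHT = 15        # assumed: each related anomaly adds this much
ESCALATE_THRESHOLD = 70    # assumed: scores at or above this are escalated


def _ts(value):
    return datetime.fromisoformat(value)


def associate(alert):
    """Attach the owning user and the user's session that overlaps the alert time."""
    user = HOST_OWNERS.get(alert["host"])
    session = None
    if user:
        when = _ts(alert["time"])
        for s in SESSIONS:
            if s["user"] == user and _ts(s["start"]) <= when <= _ts(s["end"]):
                session = s
                break
    return {**alert, "user": user, "session": session}


def risk_score(enriched):
    """Severity baseline plus a bump per related anomaly, capped at 100."""
    score = SEVERITY_BASE.get(enriched["severity"], 0)
    if enriched["session"]:
        score += ANOMALY_WEIGHT * len(enriched["session"]["anomalies"])
    return min(score, 100)


def enrich(alert):
    """Full enrichment: association, related anomalies and risk score."""
    e = associate(alert)
    e["related_anomalies"] = e["session"]["anomalies"] if e["session"] else []
    e["risk_score"] = risk_score(e)
    return e


def triage(enriched):
    """Decision rule: escalate high-risk alerts, dismiss the rest."""
    return "escalate" if enriched["risk_score"] >= ESCALATE_THRESHOLD else "dismiss"


def to_incident(enriched):
    """Incident record carrying the alert-specific fields named in the text."""
    session = enriched["session"]
    return {
        "incident_type": "Exabeam Alert Triage",
        "alert_id": enriched["id"],
        "alert_name": enriched["name"],
        "alert_type": enriched["type"],
        "severity": enriched["severity"],
        "risk_score": enriched["risk_score"],
        "user": enriched["user"],
        "session_id": session["session_id"] if session else None,
    }


def run_triage(alerts=RAW_ALERTS):
    """Enrich every alert; return (decision per alert id, incidents created)."""
    decisions, incidents = {}, []
    for alert in alerts:
        e = enrich(alert)
        decision = triage(e)
        decisions[alert["id"]] = decision
        if decision == "escalate":
            incidents.append(to_incident(e))
    return decisions, incidents


if __name__ == "__main__":
    decisions, incidents = run_triage()
    for alert_id, decision in decisions.items():
        print(alert_id, decision)
    for incident in incidents:
        print(incident)
```

With the sample data, only the EDR alert on the workstation owned by a user whose session already carries two anomalies crosses the threshold; the server-side port scan has no owner to associate and stays at its low baseline, and the failed-logon alert lands in a clean session and is dismissed. The point of the scoring step is that the same raw alert lands in different places depending on the context attached to it, which is what makes the decision informed rather than severity-only.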