Alerts

Alerts are events delivered from connected sources such as a SIEM. The Alerts page lists every incoming alert with its severity, read status, linked case number, source, and observable count. Each alert can be reviewed in the Alert Preview panel, then triaged individually or in bulk.

This section covers the alerts list and its filter controls, bulk triage operations, and the full import flow for promoting an alert to a case.

• Alerts
• Alert Triage
• Creating a Case from an Alert