Kaspersky Anti Targeted Attack Platform

User actions performed on alerts

When managing the program web interface using a Senior security officer or Security officer account, you can take the following actions on alerts:

Users with the Security auditor role can view information about alerts but cannot edit this information.

In this section

Assigning alerts to a specific user

Marking the completion of single alert processing

Marking the completion of alerts processing

Modifying the status of VIP alerts

Adding a comment to an alert


Assigning alerts to a specific user

Users with the Senior security officer or Security officer role can assign one or more alerts to themselves or to another user of the program web interface who has the Senior security officer or Security officer role.

To assign an alert to yourself or to another user of the program web interface:

  1. Select the Alerts section in the window of the program web interface.

    This opens the table of alerts.

  2. Select the check boxes next to the alert or alerts that you want to assign to yourself or to another user.

    You can select all alerts by selecting the check box in the table header.

  3. In the panel that appears in the lower part of the window, click the arrow to the right of the Assign to button to expand the user list.
  4. Select the user to whom you want to assign the alerts.

    This opens the action confirmation window. You can also leave a comment that will be displayed in the alert change history.

  5. Click Proceed.

The alerts will be assigned to the selected user.

You can view all alerts assigned to a specific user by filtering alerts based on the status of their processing by the user.

Users with the Security auditor role cannot assign alerts to themselves or to other users of the program web interface. Users with the Senior security officer and Security officer roles also cannot assign alerts to users with the Security auditor role.


Marking the completion of single alert processing

To mark one alert assigned to you as processed in the alerts table:

  1. Select the Alerts section in the window of the program web interface.

    This opens the table of alerts.

  2. In the State column of the alert that you want to mark as processed, click on your user name.
  3. In the action list, select Close alert.

The alert will be marked as processed.

To mark an alert as processed in the course of managing that alert:

  1. Select the Alerts section in the window of the program web interface.

    This opens the table of alerts.

  2. Open the alert that you want to mark as processed.

    To expand the list of actions, click the arrow to the right of the button showing the alert status in the upper right corner of the window.

    This opens the list of actions.

  3. In the action list, select Close alert.

The alert will be marked as processed. If the alert was assigned to a different user, it will be marked as processed by you.

You can view all alerts that have been processed by a specific user by filtering alerts based on the status of their processing by the user.

If an alert based on TAA (IOA), IDS, or URL technology that is similar to a processed alert is received within the day (from 00:00 a.m. to 11:59 p.m.), the program will either create a new alert or update the information about an identical alert with the New or In process status.

Users with the Security auditor role cannot assign or process alerts.


Marking the completion of alerts processing

To mark one or multiple alerts as processed:

  1. Select the Alerts section in the window of the program web interface.

    This opens the table of alerts.

  2. Select the check boxes next to the alerts that you want to mark as processed.

    You can select all alerts by selecting the check box in the table header.

  3. In the pane that appears in the lower part of the window, click the Close alert button.

    This opens the action confirmation window.

    You can also leave a comment that will be displayed in the alert change history.

  4. Click Proceed.

The selected alerts will be marked as processed. If the alerts were assigned to other users, they will be marked as processed by you.

You can view all processed alerts by filtering alerts based on the status of their processing by the user.

If an alert based on TAA (IOA), IDS, or URL technology that is similar to a processed alert is received within the day (from 00:00 a.m. to 11:59 p.m.), the program will either create a new alert or update the information about an identical alert with the New or In process status.

Users with the Security auditor role cannot assign or process alerts.


Modifying the status of VIP alerts

Users with the Senior security officer role can assign the VIP status to alerts or clear the VIP status of alerts.

To toggle the VIP status for alerts:

  1. Select the Alerts section in the window of the program web interface.

    This opens the table of alerts.

  2. Select the check boxes next to the alerts whose VIP status you want to change.

    You can select all alerts by selecting the check box in the table header.

  3. Do one of the following:
    • If you want to mark alerts as VIP, click the Mark as VIP button in the pane that appears in the lower part of the window.
    • If you want to remove the VIP status from alerts, in the pane that appears in the lower part of the window, in the Mark as VIP drop-down list, select Mark as non-VIP.

    This opens the action confirmation window.

    You can also leave a comment that will be displayed in the alert change history.

  4. Click Proceed.

The VIP status of alerts is changed.

Users with the Senior security officer and Security auditor roles can view all events with the VIP status by filtering alerts by VIP status.


Adding a comment to an alert

Users with the Senior security officer and Security officer roles can add a comment to an alert.

To add a comment to an alert:

  1. Select the Alerts section in the window of the program web interface.

    This opens the table of alerts.

  2. Select the alert to which you want to add a comment.

    This opens a window containing information about the alert.

  3. In the comment field under the Change log section, enter a comment for the alert.
  4. Click Add.

The comment will be added to the alert and will be displayed in the Change log section of this alert.

You can find commented alerts based on keywords within comments by filtering alerts based on received information.

Users with the Security auditor role can view comments for alerts but cannot edit the comments.
