Threat Detection: How to triage threat alerts

Summary

This article describes how to manage threat alerts in your environment.

Run a threat detection job first to detect issues and raise threat alerts.

How to resolve threat alerts

1. Open Cayosoft Guardian Web Portal.
2. Expand Threat Detection node.
3. Select Threat Alerts.
4. Select an alert to be resolved.
5. Press Properties.
6. Press Remediate.
7. Follow Remediation advice to resolve an issue in your environment.
8. Press OK to confirm that the issue has been resolved.

How to dismiss threat alerts

1. Open Cayosoft Guardian Web Portal.
2. Expand Threat Detection node.
3. Select Threat Alerts.
4. Select an alert to be resolved.
5. Press Properties.
6. Press Dismiss.
7. Press Yes to confirm.

How to add an object reported by threat alert to an exclusion list

1. Open Cayosoft Guardian Web Portal.
2. Expand Threat Detection node.
3. Select Threat Alerts.
4. Select an alert to be resolved.
5. Press Properties.
6. Press Remediate.
7. Select Add target object to exclusion list.
8. Press OK to confirm.

To disable threat definition and dismiss all related alerts

1. Open Cayosoft Guardian Web Portal.
2. Expand Threat Detection node.
3. Select Threat Definitions node.
4. Select a threat definition to be disabled and press Properties.
5. Go to Threat Alerts tab.
6. To select all alerts, click on the circle that is to the right of the bulb icon.
7. Press Dismiss to dismiss all alerts.
8. Go to the Settings tab and mark the Disabled checkbox.
9. Save the settings of the threat definition.