Update and close the alert
This task is part of a workflow defined in Working with Alerts Based on Firewall Events.
Add additional tags based on your findings:
Procedure
Step 1 | In the Secure Cloud Analytics portal UI, select . |
Step 2 | Select one or more Tags from the drop-down. |
Add final comments describing the results of your investigation, and any remediation steps taken:
-
From an alert's detail, enter a Comment on this alert, then click Comment.
Close the alert, and mark it as helpful or not helpful:
-
From an alert's detail, click Close Alert.
-
Select Yes if the alert was helpful, or No if the alert was unhelpful. Note that this does not necessarily mean that the alert resulted from malicious behavior, just that the alert was helpful to your organization.
-
Click Save.
What to do next
Reopen a closed alert
If you discover additional information related to a closed alert, or want to add more comments related to that alert, you can reopen it, changing the status to Open. You can then make changes as necessary to the alert, then close it again when your additional investigation is complete.
Reopen a closed alert:
-
From a closed alert's detail, click Reopen Alert.