Group alerts to view similar alerts occurring across multiple endpoints in a single row.
Note: By default, alerts are automatically set to Group By: None.
In the Group By: None view, each alert is displayed individually in its own alert row, even if the alert is seen on multiple devices.
In this view, you can identify alert prioritization and determine when actions need to be taken on an individual alert.
Use the Group By drop-down menu in the top right of the table to group all alerts with the same threat ID. See: Group By: Threat ID.
Type/Reason Column
The Type/Reason column determines the threat ID of the alert and explains why the alert was created.
Threat ID groups include:
- Watchlist
- CB Analytics
- USB
- Host-Based Firewall
- Containers Runtime
- IDS
Workflow Column
The Workflow column indicates whether an alert is open or closed.
Click the status of the alert in the Workflow column to view:
- The Alert ID
- The user that updated the workflow status and the timestamp
Note: The Workflow column is only interactive on a single alert. You cannot click the workflow status of grouped alerts.