The Workflow column displays the status of the alert.
You can change the workflow of an alert to Open, Closed, or In Progress.
When closing or opening an alert, you can automatically close or open the alert on all devices in the future.
- CB Analytics: Combination of the primary threat actor (usually the SHA-256 hash of the threat actor) and the alert reason that is derived by the Endpoint Standard Analytics engine.
- Watchlists: The report that triggered the Watchlist hit.
- USB Device Control: Represents a unique USB device.
- IDS: Alerts with the same process and IDS signature or rule.
If an alert is flagged for dismissal, any future alerts that contain the same threat ID are dismissed.