Use the following procedure to view alert details.
Procedure
- On the left navigation pane, click Alerts.
A table of alerts displays depending on the filter settings and selected time duration.
Note: In the table, the Status column displays Policy Applied with a red shield icon if an action was taken by a policy on a Carbon Black Analytics alert.
- To view the details of an alert, do one of the following:
- Double-click the alert.
- Click the > to the right of the Actions column.
The expanded, right-side pane displays. An Alert Details summary pane describes the type of alert, the alert ID, the reason for the alert, the policy and rule name, and the workflow status.
- Click to view the Alert Details pane in a separate tab and to open further panes.
The expanded view displays the following panes:
- Process
- Child process
- Involved processes
- Asset
- Remediation
- Alert ID history
- Threat ID history
- You can:
- Click <Previous or >Next to view the alert details of the previous or subsequent alert.
- Use the respective buttons in the upper-right corner of the Alert Details section to further triage or investigate the alert.
- View the causes of the alert in the What triggered this alert? section. If the number of observations displays 100+, you can:
- Click the Alert triage icon to view 100 observations.
- Click the Investigate icon to view all the data beyond the 100 observations.
- Click X in the upper-right corner to close the Alert Details pane.