Use the following procedure to view alert details.

Procedure

  1. On the left navigation pane, click Alerts.
    A table of alerts displays depending on the filter settings and selected time duration.
    Note: In the table, the Status column displays Policy Applied with a red shield icon if an action was taken by a policy on a Carbon Black Analytics alert.
  2. To view the details of an alert, do one of the following:
    • Double-click the alert.
    • Click the > to the right of the Actions column.
    The expanded, right-side pane displays. An Alert Details summary pane describes the type of alert, the alert ID, the reason for the alert, the policy and rule name, and the workflow status.
  3. Click the blue expand arrow to view the Alert Details pane in a separate tab and to open further panes.
    The expanded view displays the following panes:
    • Process
    • Child process
    • Involved processes
    • Asset
    • Remediation
    • Alert ID history
    • Threat ID history
  4. You can:
    • Click <Previous or >Next to view the alert details of the previous or subsequent alert.
    • Use the respective buttons in the upper-right corner of the Alert Details section to further triage or investigate the alert.
    • View the causes of the alert in the What triggered this alert? section. If the number of observations displays 100+, you can:
      • Click the Alert triage icon to view 100 observations.
      • Click the Investigate icon to view all the data beyond the 100 observations.
      Figure: Alert Details panel with the What triggered this alert? section
  5. Click X in the upper-right corner to close the Alert Details pane.