Use the following procedure to view alert details.

Note: See also Exploring XDR Data on the Alerts Page.

Procedure

  1. On the left navigation pane, click Alerts.
    Note: In the table, the Status column displays Policy Applied with a red shield icon if an action was taken by a policy on a Carbon Black Analytics alert.
  2. To view the details of an alert, do one of the following:
    • Double-click the alert.
    • Click the > to the right of the Actions column.
    The expanded, right-side pane displays. An Alert Details summary pane describes the type of alert, the alert ID, the reason for the alert, the policy and rule name, and the workflow status.
  3. Click Show All under the Determination to view the Anomaly Classification pane. You can view the prevalence of an alert across all organizations and for your organization. The prevalence is categorized as very common, average, or rare. See Anomaly Classification.
  4. Click Blue expland arrow to view the Alert Details pane in a separate tab and to open further panes.
    The expanded view displays the following panes:
    • Process
    • Child process
    • Involved processes
    • Asset
    • Remediation
    • Alert ID history
    • Threat ID history
  5. You can:
    • Click <Previous or >Next to view the alert details of the previous or subsequent alert.
    • Use the respective buttons in the upper-right corner of the Alert Details section to further triage or investigate the alert.
    • View the causes of the alert in the What triggered this alert? section. If the number of observations displays 100+, you can:
      • Click the Alert triage icon Alert triage icon to view 100 observations.
      • Click the Investigate icon Investigate icon to view all the data beyond the 100 observations.
      Alert details panel with What Triggered This Alert section
  6. Click X in the upper-right corner to close the Alert Details pane.