Searching, sorting, and filtering alerts on the Alerts page

How to find alerts on the Alerts page

To search alerts, you can type what you’re looking for in the Search box.

Unlike searching and filtering, sorting the table doesn't hide any alerts in the table. Sorting the table only reorders the table with the alerts you want to see at the top of the table.

You can filter alerts to help you focus on the alerts that are most important to you.

The columns in the table are:

• Occurred at – The date and time the alert happened

• Type - The kind of alert: Risk, Threat, Unknown

• Severity - Low, Medium, High, Unknown

• Category - The category the alert belongs to.

• Description - A longer description of the alert, including what email address was involved, if applicable.

• Account - The name of the account the alert happened to. Displays if no account is selected.

• Source - The source integration of the alert.

Categories

The available categories are:

• Collection

• Command and control

• Credential access

• Defense evasion

• Discovery

• Execution

• Exfiltration

• Impact

• Initial access

• Lateral movement

• Persistence

• Privilege escalation

• Reconnaissance

• Resource development

• Unclassified

• Unknown

To view alerts in a specific time frame

Selecting a custom time frame is limited to the last 30 days.

1. If you’re not on the Alerts page, in the left navigation menu, click Alerts .

2. In Time frame, select one of the following:

   • Last 24 hours

   • Last 3 days

   • Last 7 days

   • Last 30 days

   • Custom, then select a Start date that is within the last 30 days and an End date

   • All time

To search for specific terms

Every column is searched except for Occurred at and Account.

Separate multiple search terms with a comma.

1. If you’re not on the Alerts page, in the left navigation menu, click Alerts .

2. Type your search terms in the Search box.

To sort the table

1. If you’re not on the Alerts page, in the left navigation menu, click Alerts .

2. In any of the table column headings, click the icon.

The icon displays how the column is sorted. The tables below show how the tables are sorted when the icon is displayed.

Sorted by Ascending

Icon Displayed	Column	Sorted by
Open	Occurred at	Oldest alerts appear first
Open	Type	Alphabetical (A-Z)
Open	Account	Alphabetical (A-Z)
Open	Description	Alphabetical (A-Z)

Sorted by Descending

Icon Displayed	Column	Sorted by
Open	Occurred at	Newest alerts appear first
Open	Type	Reverse alphabetical (Z-A)
Open	Account	Reverse alphabetical (Z-A)
Open	Description	Reverse alphabetical (Z-A)

To filter the table

You can filter the table by the Type, Severity, Category, and/or Source columns. When you filter, you decide which types of alerts you want to show and hide, so you can focus on what you're looking for.

Multiple filters can be active at the same time.

Filters are not persistent. If you navigate away from the Alerts page, when you return to the page, the filters are not active.

1. If you’re not on the Alerts page, in the left navigation menu, click Alerts .

2. In one of the following column headers, click the Filter icon :

   • Type

   • Severity

   • Category

   • Source

3. Select a condition.

4. Select the check boxes of the options you want to see.

5. Click outside the drop-down.

6. Repeat step 2-5 until you have created the filters you want.

To clear table filters

• Do one of the following:

  • Click the circled x icon in the filter you want to remove.

  • Click the Filter icon , then clear the check boxes of the filters you want to remove. Then click outside the drop-down.