InsightIDR - Reviewing Alerts and Investigations
Gain a greater understanding of your InsightIDR alerts by learning:
- What steps to take when reviewing an investigation
- The difference between notable events and alerts
- How to review the timeline of events and alert evidence
- What actions you should take when you’re responding to an alert
  - Update the status and priority
  - Assign to a user
  - Take action
- How to tune alerts to better suit your environment
  - Add to an allowlist
  - Mark disposition as "benign" (as an example)
Desired Outcome:
Become familiar with the steps to take when reviewing alerts, so that you understand why they were triggered and what actions to take.