View and manage alert notifications
Overview
This article explains how to review and manage the security notifications that are created when Code42 detects activity that matches the criteria in an alert rule.
When a rule is triggered, an alert notification appears in the Alerts > Review Alerts table. You can add a note to an alert, review and dismiss alerts, or use the filters to search for alerts that have been dismissed to reopen them.
Considerations
Review alert notifications
- Sign in to the Code42 console.
- Go to Alerts > Review Alerts.
- For any alert, click View detail
to see more details.
The Alert details opens where you can view file details, add notes or statuses, and take other actions on the alert.- Click Copy Link
to copy the link to the alert notification in the Code42 console so that you can share it with others for investigation.
- Click Investigate in Forensic Search to see the files for this event in Forensic Search. If multiple event types are involved in this alert, select the type of events you want to view from the menu that opens:
- Investigate download events
- Investigate external device events
- Investigate browser and app upload events
- Investigate cloud sync events
- Investigate cloud sharing events
- Investigate external email sharing events
- Investigate Git events
- Click Actions and select an action:
- Select Send email to compose an email to the user requesting more information about this activity.
You can customize the email as needed after it opens. - Select Send user an Instructor lesson and then select the lesson to send to that user.
- Select Send email to compose an email to the user requesting more information about this activity.
- Click View Rule
to open and update the rule settings.
- Click View Instructor lessons
to open Code42 Instructor and view more information about the lesson sent.
- Select a status to identify the state of your investigation into the alert.
If you select Dismissed, Code42 automatically dismisses the alert and removes it from the list of open alerts. Click Reopen alert to reopen the alert and change its status to Open, if needed. - Add a note (or edit any current note) to provide more details about the alert.
- Click View profile
to open the User Profile for that user.
View profile appears only when allowed by your Code42 product plan and role permissions.
- Click Copy Link
- (Optional) When you're done reviewing the alert, click Dismiss alert to remove the notification.
When you dismiss an alert, Code42 automatically removes it from the list of open alerts. You can reopen alerts, if needed.
Dismiss multiple notifications at once
To dismiss multiple notifications at once, select the checkbox next to one or more notifications in the Review Alerts list and then click the Dismiss Alerts button that appears at the top-right of the list of notifications.
To dismiss multiple notifications at once, select the checkbox next to one or more notifications in the Review Alerts list and then click the Dismiss Alerts button that appears at the top-right of the list of notifications.
Add a note
- Sign in to the Code42 console.
- Go to Alerts > Review Alerts.
- For any alert, click
to see more details.
- In the Notes panel, click Add note.
If the alert already includes a note, click Editto edit the existing note.
- Enter the note and click Save. You can also delete a note entirely by deleting the note's text and clicking Save.
Your note is added to the Notes panel in the Alert details. Code42 automatically saves and displays the username of the last person to edit the note, along with the date and time it was edited. Click Expand note to view long notes.
Dismiss alert notifications
- Sign in to the Code42 console.
- Go to Alerts > Review Alerts.
- For any alert, click Dismiss alert
. When the menu opens:
- Select Dismiss to dismiss the alert.
- Select Dismiss with note to add a note to the alert and then dismiss it. Enter your note (or edit the existing note) and then click Save and dismiss.
Reopen dismissed alert notifications
- Sign in to the Code42 console.
- Go to Alerts > Review Alerts.
- Click Filter
and apply the Dismissed status to show alerts that have been dismissed.
- When the Filters panel opens, under Status, clear the Open checkbox and select the Dismissed checkbox.
- (Optional) Select any other criteria to further filter the list of alerts that are returned.
- Click Apply.
You are returned to the Review Alerts table and only the dismissed alerts that meet any other selected criteria are listed.
- (Optional) Click Reopen Alert
to reopen a notification:
- Select Reopen to reopen the alert.
- Select Reopen with note to add a note to the alert and then reopen it. Enter your note (or edit the existing note) and then click Save and reopen.