Security Alerts

The alert inbox (/security/alerts) shows normalized events from integrations and edge telemetry. New alerts appear in the inbox in real time without refreshing the page.

  1. Open an alert; review severity, source IP/device, and raw details.
  2. Assign an analyst; change status (new, investigating, closed).
  3. Tag MITRE techniques or link to an incident when escalating.
  4. Run playbooks or open Investigate for deeper analysis.

Administrators configure ingest webhooks under integrations settings. Each webhook URL is unique per tenant integration.