Alerts: Alerts Navigation
Navigating Alerts
Alert cases can be accessed from two pages. This section guides you through these views and their features.
Alerts Dashboard
The Alerts Dashboard displays the alerts available to users.
It is always accessible to those who have the right to “Create & Process Alerts” (see Access Rights). However, users who have the right to “Process Alerts” can only access the dashboard if at least one alert exists.
From the Alerts Dashboard, we can:
- Create, open, edit, move, disable or delete an alert depending on the user's access rights
- View the details of an alert (name, description, creation date, last run, last edited and sharing settings)
- Create, open, rename or delete folders
When at least one folder exists, the file tree is displayed on the left.
The blue badge displayed above alerts and folders informs users of cases requiring attention (cases with the status: open and assignee: unassigned).
Clicking 'Back to Cases' takes users to the unified case list.
Unified Case List
The unified case list is where all the cases a user has access to can be displayed. It is accessible to all the users who can access and/or create alerts. The list of cases displayed can be adjusted using filters.
A default filter is applied every time a user accesses the page; it shows the cases that have the status Open or In progress and are assigned to the currently logged-in user. This enables users to focus on the evolving cases they are responsible for.
By default, the unified case list is sorted in descending order, so the newest case is displayed first. Users can change the sorting by sorting on any of the other columns of the unified case list. To go back to the initially sorted view, sort by the "created at" column in descending order.
Users can navigate to the 'Alerts Dashboard', where they can also create alerts, by clicking on the 'Alerts Dashboard' button.
Filters
Different combinations of filters can be applied. Users can filter by one or many Alert folders, Alert names, Alert models, Case statuses and Assignees. When filters are cleared, by clicking on the clear button, all the cases a user has access to are displayed.
By default, the unified case list displays basic information common to all cases: the case ID, alert name, folder name (if any), the models that generated the case and their sum, case creation date and time, last updated at date and time, case status and the investigator assigned to it.
Filtering by one alert
When filtering by one alert, all columns (case attributes) of that specific alert are displayed on the unified case list table. Moreover, they're also displayed on the filters panel where users can apply filters on them. The columns of the 'currency' type show the appropriate symbol and adhere to the currency format defined during the alert's creation.
Depending on the type of the columns' data, users can filter on numerical, currency or text values.
Filters and sorting are persisted to help users not lose the context of their work when navigating in the app.
Filtering monetary values is handled in the same manner as filtering columns of the 'number' type.
Case Preview
The case preview can be accessed by clicking on the case's ID. From the case preview the case view can be opened. Moreover, details on the information the case holds such as alert name, alert description, case attributes and number of comments as well as the timestamp of the latest comment are shown. Furthermore, users can change the status and assignee of a case, exactly in the same manner they do on the case view, from the case preview.
Bulk assign cases
Users can assign one or multiple cases to another user or themselves in one go, from one or many alerts at a time. This is particularly useful for a team leader dispatching the workload among their team, especially in combination with the usage of filters.
To use this feature, the user needs to select one or many cases from the unified case list (clicking on checkboxes). The “ASSIGN” button will activate upon the first selection. Users can pick cases from the different pages of the list. The number of cases selected will show next to the “ASSIGN” button.
Once the user is done selecting cases, they pick a user name from the dropdown list that opens upon clicking on the “ASSIGN” button. Only the users who have access to all the alerts to which the selected cases belong are shown in the list. If a user lacks access to at least one of the cases’ alerts, they are not displayed. Also, if new filters are applied or if filters are cleared, the current selection of cases is cleared.
Download the unified case list information
From the unified case list, users can download an Excel file containing all the cases which the applied filter returns. This file contains information which will enable analysts to monitor the team's activity, share it with fellow colleagues and answer possible questions they may have, such as:
- How many cases are in which state?
- How many cases are assigned per analyst?
- How many cases does analyst X close per period?
- What relevant information is associated with the cases?
- How long does it take for a case to be closed?
- How long does it take for a case to be closed by an analyst?
The file begins to download once the button is pressed. In the downloaded file, for each case, you will find its id, creation datetime, status, assignee username, assignee email, assigned datetime, dismissed or confirmed datetime, the alert name and folder name the case belongs to as well as the export datetime.
If the applied filter returns more than 500k cases, the download is not possible.
Case List
The "Case List" shows a list of newly detected cases for each alert. Each row in the list is a case.
By default, cases are ordered by creation date. You can change sorting order by using custom columns, if the alert creator has defined any.
A case has a status that is either Open, In progress, Confirmed, or Dismissed.
New cases have the Open status by default.
The list of cases can be filtered by status. For example, the image below shows the list of dismissed cases. We can also see who has changed the status of those cases.
You can also filter the list of cases by assignee. In the example below, we can see all the cases opened and assigned to the current user.
If a user has no cases assigned to him, his name will appear greyed out in the list.
Within the list of cases, you can assign them to users that have the right to process the alert.
To do so, you can select cases from multiple pages by checking the checkbox on the left of every row.
You can also select all the cases within a page by clicking on the checkbox on top of the list of cases.
Once cases are selected, you can assign them to a single user by clicking on the button "Assign".
To make a decision, you must investigate the case. Simply click on the ID of a case to open the case view.
Download the alert case list information
From each alert's case list view, users can download an Excel file containing all the cases of the alert. This file contains information which will enable analysts to monitor the team's activity, share it with fellow colleagues and answer possible questions they may have, such as:
- How many cases are in which state?
- How many cases are assigned per analyst?
- How many cases does analyst X close per period?
- What relevant information is associated with the cases?
- How long does it take for a case to be closed?
- How long does it take for a case to be closed by an analyst?
The file begins to download once the button is pressed. In the downloaded file, for each case, you will find its id, creation datetime, status, assignee username, assignee email, assigned datetime, dismissed or confirmed datetime, the alert name and folder name the case belongs to and the columns as well as the export datetime.
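The questions listed for both the unified case list download and the alert case list download can be answered with a short script once the file is saved as CSV. The following is an added example, not part of the product or its documentation: the header names (`created_at`, `closed_at` for the dismissed or confirmed datetime, and so on), the ISO timestamp format and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Constructed sample rows. Header names are assumptions, not the product's real ones.
SAMPLE_EXPORT = """\
id,created_at,status,assignee_username,closed_at,alert_name,folder_name
101,2024-03-01T09:00:00,Confirmed,alice,2024-03-02T09:00:00,Shared address,Fraud
102,2024-03-01T11:00:00,Dismissed,bob,2024-03-01T17:00:00,Shared address,Fraud
103,2024-03-02T08:00:00,Open,,,Circular payments,
104,2024-03-02T09:30:00,In progress,alice,,Circular payments,
105,2024-03-03T09:00:00,Confirmed,alice,2024-03-03T21:00:00,Shared address,Fraud
"""

CLOSED = {"Confirmed", "Dismissed"}


def summarize(csv_text):
    """Return per-status counts, per-analyst counts and hours-to-close medians."""
    by_status, by_assignee = Counter(), Counter()
    hours = defaultdict(list)  # analyst -> hours from creation to decision
    needs_attention = 0        # Open and unassigned, as counted by the blue badge
    for row in csv.DictReader(io.StringIO(csv_text)):
        assignee = row["assignee_username"] or "unassigned"
        by_status[row["status"]] += 1
        by_assignee[assignee] += 1
        if row["status"] == "Open" and assignee == "unassigned":
            needs_attention += 1
        # Only decided cases carry a closing timestamp; skip rows without one.
        if row["status"] in CLOSED and row["closed_at"]:
            created = datetime.fromisoformat(row["created_at"])
            closed = datetime.fromisoformat(row["closed_at"])
            hours[assignee].append((closed - created).total_seconds() / 3600)
    all_hours = [h for per_analyst in hours.values() for h in per_analyst]
    return {
        "by_status": dict(by_status),
        "by_assignee": dict(by_assignee),
        "needs_attention": needs_attention,
        "median_hours_to_close": median(all_hours) if all_hours else None,
        "median_hours_by_analyst": {a: median(h) for a, h in hours.items()},
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_EXPORT).items():
        print(f"{key}: {value}")
```
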
The next section focuses on case investigation and exploration best practices.