In this chapter, we will learn how to use alerts to investigate cases. Any user with the right to manage alerts can configure an alert via the Alert edition panel. Users will then get a list of cases for each alert.
In use cases such as fraud investigation and IT monitoring, alert cases are detected when there is an anomalous pattern in the data. A team of analysts will investigate the cases to confirm them or dismiss the false positives. Graph visualization facilitates data exploration and the collection of visual evidence of suspicious activities. The analysts can then escalate the case by reporting and sharing the visualization.
The challenge, however, lies in the number of cases to process within a limited amount of time. A score can be defined for an alert, such as the potential money lost, a risk score, or the date the case was detected.