Close an Alert

There are two ways to close an alert:
  • Mark it as Dismiss if you have decided that the alerted activity is sanctioned.
  • Mark it as Resolve if the activity was not sanctioned, and you have taken sufficient action that the threat has been eliminated.
Marking an alert as Dismiss or Resolve does not prevent Cortex XDR – Analytics from raising the alert again if the actions that caused the alert reappear in the future.
  1. Navigate to the host or user details page in the Triage page.
  2. Click into the alert that you are closing.
  3. In the Actions drop-down menu, select either Dismiss or Resolve.
