Because alert rules can occasionally fire on activity that turns out not to be a problem, we have extended the Alert Rules in GAT Shield.
Admins and Auditors can now investigate Shield Alerts and, where an alert has fired on legitimate activity, mark that Shield Alert as a "false positive". This improves the quality of the alerts that are triggered and helps us track down and correct any rules that misfire.
To use this feature, navigate to the Alerts section of GAT Shield.
Shield Alerts
Navigate to Shield -> Alerts -> Notifications and inspect an alert by selecting the 'Details' icon, which is displayed when you hover the cursor over the right side of the record.
An Admin or Auditor can perform the following actions on an alert notification:
- Acknowledge – mark the alert as "acknowledged", recording that it has been checked and reviewed.
- Update Severity – raise or reset the severity level to reflect the impact the alert may have on your domain.
- Details – view the full details of the triggered alert notification.
When Details is selected, a new window opens with all the additional details for the Alert rule:
- Acknowledge – at the top left, acknowledge the alert.
- Update Severity – mark this alert as either High or Low. This value will also be used by an algorithm later on.
- Review Next alert – move on to the next alert.
- Report false positive – notify us about a false-positive alert: click the three dots (1), then "Report false positive" (2).
A new window appears where you can add a support message explaining why the alert was identified as a "false positive" (1). To send the message to us, click the Send button (2).
The details of the alert and its rule are sent to us internally along with your message. Please include a short explanation of why the alert fired incorrectly and describe what the expected result was. We will review it as soon as possible.
Result
We will receive your message, investigate it and get back to you promptly.