Notifications
A notification is an alert about a detection within a network. NDR alerts you with a notification when it detects suspicious activity within the network. Each notification contains key details about the incident, including the type of threat, the host address, and the severity level.
Notifications are grouped into categories (malware, network anomaly, policy violation, or unauthorized access) that identify the nature of the detected activity. For information on how to investigate and mitigate each category, read Notification Categories.
Search Notifications
In AI Detect, the Notifications page offers a centralized view of all alerts, allowing you to search and filter notifications, view their details, analyze metadata, and download all notifications.
Searching notifications enables you to quickly locate and investigate specific alerts, identify patterns, and understand the nature of events. You can filter notifications by criteria including date, host, severity, category, acknowledgment status, and description.
Select dates in From and To.
In Host, enter or search for a host. Hosts are IPv4/IPv6 addresses, domains, or hostnames. Click Split Host Search to search source hosts and destination hosts separately.
In Category, enter a notification category.
Select an Acknowledgment status.
Enter a Description.
Click Search.
To search metadata, click Metadata under Notification Details.
Metadata is only retrieved for a notification if its severity level is Medium or High, or if the notification is based on a Machine Learning anomaly event.
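The following is an added example, not code from the NDR or AI Detect product, that models the search criteria and the metadata-retrieval rule described above over a few constructed notification records. The record layout, the field names, and the matching rules (exact comparison for IPv4/IPv6 addresses, substring match for domains and hostnames) are assumptions made for illustration; Split Host Search is represented by the separate src_host and dst_host parameters.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address

# The four acknowledgment states listed on this page.
ACK_STATES = ("Unacknowledged", "False Positive",
              "Benign True Positive", "Malicious True Positive")


@dataclass
class Notification:
    """Illustrative notification record (assumed layout, not the NDR format)."""
    when: date
    src_host: str
    dst_host: str
    category: str
    severity: str            # "Low", "Medium" or "High"
    acknowledgment: str      # one of ACK_STATES
    description: str
    ml_anomaly: bool = False  # True if raised by a Machine Learning anomaly event


# Constructed sample records for the example; addresses are documentation ranges.
SAMPLE = [
    Notification(date(2024, 5, 1), "10.0.0.5", "198.51.100.7", "Malware", "High",
                 "Unacknowledged", "Outbound connection to a known malicious domain"),
    Notification(date(2024, 5, 2), "10.0.0.9", "10.0.0.5", "Unauthorized Access", "Low",
                 "False Positive", "SSH login from an unusual host"),
    Notification(date(2024, 5, 3), "2001:db8::1", "fileserver.corp.example",
                 "Network Anomaly", "Low", "Benign True Positive",
                 "Unusual volume of SMB traffic", ml_anomaly=True),
    Notification(date(2024, 5, 4), "10.0.0.5", "mail.corp.example", "Policy Violation",
                 "Medium", "Malicious True Positive", "Cleartext credentials over SMTP"),
]


def _host_matches(value: str, query: str) -> bool:
    """Compare a host field with a query: exact address comparison when both parse
    as IPv4/IPv6 (so '2001:db8::1' equals its expanded form), otherwise a
    case-insensitive substring match for domains and hostnames."""
    try:
        return ip_address(value) == ip_address(query)
    except ValueError:
        return query.lower() in value.lower()


def search(notifications, *, start=None, end=None, host=None, src_host=None,
           dst_host=None, category=None, acknowledgment=None, description=None):
    """Return the notifications matching every supplied criterion.
    `host` matches either end of the connection; `src_host` and `dst_host`
    restrict the match to one side, as Split Host Search does."""
    results = []
    for n in notifications:
        if start and n.when < start:
            continue
        if end and n.when > end:
            continue
        if host and not (_host_matches(n.src_host, host) or _host_matches(n.dst_host, host)):
            continue
        if src_host and not _host_matches(n.src_host, src_host):
            continue
        if dst_host and not _host_matches(n.dst_host, dst_host):
            continue
        if category and n.category.lower() != category.lower():
            continue
        if acknowledgment and n.acknowledgment != acknowledgment:
            continue
        if description and description.lower() not in n.description.lower():
            continue
        results.append(n)
    return results


def metadata_available(n: Notification) -> bool:
    """The page's rule: metadata is retrieved only for Medium/High severity
    or for Machine Learning anomaly events."""
    return n.severity in ("Medium", "High") or n.ml_anomaly


def acknowledge(n: Notification, state: str) -> Notification:
    """Set an acknowledgment state, rejecting anything outside the four states."""
    if state not in ACK_STATES:
        raise ValueError(f"unknown acknowledgment state: {state!r}")
    n.acknowledgment = state
    return n


if __name__ == "__main__":
    for n in search(SAMPLE, host="10.0.0.5"):
        print(n.when, n.src_host, "->", n.dst_host, n.category,
              "metadata" if metadata_available(n) else "no metadata")
```

Running the block lists the three sample records in which 10.0.0.5 appears as either source or destination; passing src_host or dst_host instead narrows the result to one side of the connection.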
Notification Acknowledgment States
Acknowledging a notification means you have viewed it. Acknowledgment states help you track whether you have analyzed a notification.
A notification has four acknowledgment states. The default state of a notification is Unacknowledged.
Acknowledgment State: Description
Unacknowledged: The notification has not been acknowledged at all.
False Positive: The notification is a false positive.
Benign True Positive: The notification correctly describes what occurred, but the behavior is justified.
Malicious True Positive: The notification correctly describes what occurred, and the behavior is not justified and/or had malicious intent.
If you have a ServiceNow license, you can integrate NDR with ServiceNow to create and manage incident tickets.