Instructions on what to do when you receive an email notification about a new broad context detection.
Follow these instructions when you receive an alert of a new detection:
- Open the portal to check the details of the broad context detection.
- Check the risk level score of the detection and its details view, the list of hosts that are part of the detection, and possible earlier similar detections.
- Analyse the available information and, based on the hosts that are involved in the detection, choose whether you want to confirm the broad context detection as an incident.
- If you acknowledge the incident, the portal provides recommended actions on how to respond to it.
- Choose one or more of the recommended actions and either continue to monitor the incident or close it.