Red Canary provides essential incident response and detection workflow management features. For security teams without incident or ticket management solutions, this is often enough workflow to coordinate with your team.

Our threat workflow includes the following features:

• Respond to a threat directly, which notifies others that a specific user has seen and may be working on that threat.
• Add a comment to a threat that can be viewed by others on your team. Comments are useful for documenting material identified during your response as well as context from your incident response team.
• Mark a threat as remediated or not remediated when your response is completed.

Respond to a threat

You can respond to a threat to inform others on your team that you have seen or are working on it.

1. From the navigation menu, click Threats.
2. Click the title of the threat you wish to respond to.
3. At the top of the threat timeline, click Acknowledge.
4. The threat will be marked as acknowledged.

Add a comment to a threat

You can add text-based comments to threats that are visible to you and your team. Comments support Markdown syntax for basic formatting.

1. From the navigation menu, click Threats.
2. Click the title of the threat.
3. At the top of the threat timeline, click Add Comment.
4. Type the content, then click the Add button to save your note.

Note: The comment will appear at the bottom of the Threat Timeline.

To remove a comment from a threat, click the ICON_TRASH icon.