The external alerts in your Red Canary platform can be filtered by their attributes. This filtering allows you to review the alerts ingested by Red Canary and the result of our processing.
Filtering external alerts
You can filter for external alerts by a number of criteria.
To filter for specific alerts by criteria:
- Click External Alerts in the site navigation.
- Click in the filter bar next to the search icon.
- Enter the criteria that describe the alerts you wish to find.
To learn more about ways to filter for alerts, click learn more about filtering.
What if I want to quickly jump to an alert by ID, source platform URL, etc.?
The fastest way to jump to an external alert is by using ⌘-K. Many attributes of an alert are indexed and can be found with ⌘-K, including:
- Any unique identifiers for the alert provided by its source platform
- Any URLs for the alert provided by its source platform
- The classification reported by the original alert
- Any correlation points or analysis context extracted from the alert
- Metadata about endpoint processes that have been correlated to the alert