You can add notes to an external alert, just like you can to a detection. This allows you to keep all of the important information about a security incident in a single location for traceability and ease of team communication.
You will need the Analyst role to access an external alert and view or add notes.
Adding notes to an external alert
To add a note to an alert:
- Navigate to an alert by clicking External Alerts in the site navigation and selecting the alert.
- Scroll to the bottom of the timeline.
- Under the Add a note for you or your team's record… section, enter text / Markdown notes.
- Click Add Note.
You can edit or delete a note once it has been created by clicking the buttons at the top right of each note.
Should I use notes to communicate with my Red Canary team?
Notes are designed for you and your internal team and are not intended for communicating with Red Canary. If you have a question or need assistance, use the Contact Us button at the bottom of the alert timeline to notify our team.