You can use external alerts to configure your search criteria and review detailed information about your alerts, endpoints, and identities.

Configure search criteria

Use search criteria to set your parameters when it comes to what alerts you are interested in reviewing. 

1. From the navigation menu, click Alerts.
2. You can filter alerts by the following search criteria:
   
   • Alert ID — A Red Canary generated number, for reference purposes, that identifies the alert.
   • Status — The state alerts are in as the are processed by Red Canary.
   • Assigned To — To whom the alert is assigned for the next step in the process. This can be your team or Red Canary depending on the alert status.
   • End Point or Device — The end point or device identified by the alert.
   • Identity — The identity identified by the alert.
   • Process Correlation — Whether Red Canary attempted and successfully correlated the alert with a process from the alert platform.
   • Date Issued — The date the alert was created in the Red Canary system.
   • Provider Classification — The classification attributed to the alert by the alert provider.
   • Provider Source — The name of the alert source from which the alert came.
   • Provider Severity — The alert severity provided by the alert provider.
   • Raw Data Contains —  Enables you to search the Red Canary indexed alert data for the alert for specific text values.
     

     Note: Red Canary includes six search criteria by default to display alerts which are not resolved and may require further user action. You can remove any unwanted search criteria by deselecting the search criteria’s checkbox, and then clicking Search. 

     The default criteria include the following:

     • Status: Analysis Complete: Threat 
     • Status: Analysis Complete: Highly Suspicious
     • Status: Analysis Complete: Suspicious
     • Status: Analysis Complete: Not a Threat
     • Status: Investigating
     • Status: New
3. Fill in your required information, and then click Search. The new search criteria you applied will appear below the search dropdown. 
   

   Note: To update the search results, click Search each time you add new criteria, otherwise your search criteria will not update.
   
   

4. Remove any unwanted search criteria by deselecting the search criteria’s checkbox, and then click Search.
   
   
5. Optionally, select Use advanced search to turn on the advanced search function. 
6. Type and search for the alert you want to filter. 
7. Once selected, click Search. The new search criteria you applied will appear below the search dropdown. Note: To update search results, click Search each time you add new criteria.