Assigning alerts to analysts

May 15, 2024

ID 221564

As a work item, an alert can be assigned to a SOC analyst for inspection and possible investigation. You can change the assignee of an active alert at any time. You cannot change the assignee of a closed alert.

Alerts can be assigned only to analysts who have the access right to read and modify alerts and incidents.

To assign one or several alerts to an analyst:

  1. In the main menu, go to Monitoring & reporting → Alerts.
  2. Select the check boxes next to the alerts that you want to assign to an analyst.

    You must select only the alerts detected in the same tenant. Otherwise, the Assign to button will be disabled.

    Alternatively, you can assign an alert to an analyst from the alert details. To open the alert details, click the link with the alert ID you need.

  3. Click the Assign to button.
  4. In the Assign to analyst window that opens, start typing the analyst's name or email address, and then select the analyst from the list.

    You can also select the Not assigned option for all alerts, except alerts with the In incident status.

  5. Click the Assign button.

The alerts are assigned to the analyst.

See also:

About alerts

Viewing the alert table

Changing an alert status
