Assigning alerts to analysts

As a work item, an alert can be assigned to a SOC analyst for inspection and possible investigation. You can change the assignee of an active alert at any time; you cannot change the assignee of a closed alert. You can also remove the assignee to make the alert unassigned.

Alerts can be assigned only to analysts who have the access right to read and modify alerts and incidents.

To assign one or several alerts to an analyst:

  1. In the main menu, go to MONITORING & REPORTING → Alerts.
  2. If you have both Kaspersky EDR Optimum and Kaspersky EDR Expert integrated into Kaspersky Security Center Cloud Console, the Alerts section is divided into two tabs. Go to the Expert tab. Otherwise, skip this step.
  3. Select the check boxes next to the alerts that you want to assign to the analyst.
  4. Click the Assign to button.
  5. In the Assign to window, start typing the analyst name, and then select the name from the list.

    You can select the Not assigned option. In this case, the selected alerts become unassigned and their status changes to New.

    You cannot select the Not assigned option for alerts that have the In incident status.

  6. Click the Save button.

The alerts are assigned to the analyst.

See also:

About alerts

Viewing the alert table

Changing an alert status
