AccessAlerts-1

Click here to go back to the stages screen

Click here to show all alerts

Run a hunt on this event to dive into packet level data

View Full Event to see Contextual information

Click on this IP to see options for exploration

This is the ALERTS Pane. Within this view, you’re presented with the alerts relevant to your investigation.

In this instance, we’re viewing the ACCESS alerts.

ACCESS-type alerts are prevalent during the initial entry phase of any malware or ransomware campaign, the phase that provides an avenue for initial implantation. Alerts within this phase can include, for example, credential phishing, PII data loss, or suspicious file downloads. Here, we have highlighted a Credential Phishing alert to triage.

This pane also allows an analyst to see whether any other analysts have previously seen, triaged, or commented on a given alert indicator, as depicted by the green circle with three dots.