Threat Command Quick Start

Use the Threat Command Alerts page to manage alerts.

Before you begin, ensure that company assets are defined, as described in Configuring Assets. This is typically performed by the Threat Command administrator.

Alerts are displayed in the Alerts page.

  1. Log in at https://dashboard.ti.insight.rapid7.com.
    For more information, see Log in to Rapid7 Threat Command.

  2. From the Threat Command main menu, point to Threat Command or its icon, then select Alerts.
    The Alerts page is displayed.
    Alerts are displayed in the Alerts list. When you select an alert, the Alert header, Alert description, and the Alert options pane are displayed alongside the alert.

    [Figure: Alerts page]

The default Alerts list shows open alerts, sorted by last updated. You can change the view with the various filter options. The summary numbers on top of the Alerts list reflect the alerts that match the current filter options.

In addition to a severity color and alert type, some alerts may have analyst or remediation updates, indicated by the envelope icon. The title text of alerts that have not yet been read is in bold on a white background (read alerts are not bold, on a grey background).

The Alert header and Alert description sections provide more alert details including a description and recommendations. You can also perform some alert activities from this section.

For more information about the Alerts page, see Managing Alerts.

Use the alert action buttons to perform the following tasks:

| To do this | Click here | Description |
|---|---|---|
| Change severity | (icon) | Change the alert severity. |
| Close | (icon) | Close the alert and remove it from the Alerts list. |
| Assign | (icon) | Assign an alert to another Threat Command user in your organization. |
| Flag | (icon) | Add a flag to an alert to make it easier to find later. |
| Tag | (icon) | Add a tag to an alert so it can be grouped with other, similar alerts. |
| Ask an analyst | (icon) | Ask a Threat Command analyst about an alert. |
| Remediate: Takedown | (icon) | Initiate a request to remove the threat. |
| Remediate: Report | (icon) | Warn Google Web Risk or PhishTank about the potential danger of the indicator of compromise. |
| Add a note | (icon) | Add an internal note to an alert. |

There are many more alert actions, described in the Alert actions table.

The Threat Command module provides you with the tools to manage those alerts that are most relevant to your company. The management cycle is recursive. Alerts are managed, new alerts are displayed, and the cycle starts again.

Where to go from here