Digital Risk Protection (Threat Command) Quick Start

Use the Digital Risk Protection (Threat Command) Alerts page to manage alerts.

Before you begin, ensure that company assets are defined, as described in Configuring Assets. This is typically performed by the Digital Risk Protection (Threat Command) administrator.

Alerts are displayed in the Alerts page.

  1. Log in at https://dashboard.ti.insight.rapid7.com.
    For more information, see Log in to Rapid7 Digital Risk Protection (Threat Command).

  2. From the Digital Risk Protection (Threat Command) main menu, point to Digital Risk Protection (Threat Command) or its icon, then select Alerts.
    The Alerts page is displayed.
    Alerts are displayed in the Alerts list. When you select an alert, the Alert header, Alert description, and the Alert options pane are displayed alongside the alert.

Alerts page

The default Alerts list shows open alerts, sorted by last updated. You can change the view with the various filter options. The summary numbers on top of the Alerts list reflect the alerts that match the current filter options.

In addition to a severity color and alert type, some alerts may have analyst or remediation updates, indicated by the envelope icon. The title text of alerts that have not yet been read is in bold on a white background (read alerts are not bold, on a grey background).

The Alert header and Alert description sections provide more alert details including a description and recommendations. You can also perform some alert activities from this section.

For more information about the Alerts page, see Managing Alerts.

Use the alert action buttons to perform the following tasks:

| To do this | Description |
| --- | --- |
| Change severity | Change the alert severity. |
| Close | Close the alert and remove it from the Alerts list. |
| Assign | Assign an alert to another Digital Risk Protection (Threat Command) user in your organization. |
| Flag | Add a flag to an alert to make it easier to find later. |
| Tag | Add a tag to an alert so it can be grouped with other, similar alerts. |
| Ask an analyst | Ask a Digital Risk Protection (Threat Command) analyst about an alert. |
| Remediate: Takedown | Initiate a request to remove the threat. |
| Remediate: Report | Warn Google Web Risk or PhishTank about the potential danger of the indicator of compromise. |
| Add a note | Add an internal note to an alert. |

There are many more alert actions, described in the Alert actions table.

The Digital Risk Protection (Threat Command) module provides you with the tools to manage those alerts that are most relevant to your company. The management cycle is recursive. Alerts are managed, new alerts are displayed, and the cycle starts again.

Where to go from here

  • To continue with the full functionality of managing alerts, see Managing Alerts.
  • For more information about the Digital Risk Protection (Threat Command) dashboard, see Digital Risk Protection (Threat Command) Dashboard.
  • To monitor threats, see Monitoring Threats.